On 27/5/19 12:43 AM, Luuk wrote:
>
> On 26-5-2019 13:52, Adrian Ho wrote:
>> On 26/5/19 7:49 AM, Markos wrote:
>>> I made a program (reading_room.tcl), with Sqlite running on Debian 9,
>>> to control the books of a reading room.
>>>
>>> I implemented an authentication system for common users and
>>> administrator users in the reading_room.tcl program.
>>>
>>> Now I want that any user logged in the Linux be able to run the
>>> program reading_room.tcl, which will access the database (books.db)
>>>
>>> But I want to protect the file books.db so that only the program
>>> reading_room.tcl can access the books.db file (to read or write). But
>>> that no user could delete or write to the file books.db (only the
>>> program reading_room.tcl)
>> The standard Unix permissions/ACLs architecture doesn't support this use
>> case directly.
>
> Can you give some more information on this, because it seems to work
> as I expect it to:
>
> Database is 'owned' by user 'luuk', trying to access via 'luuk2', both
> users are in the group 'users':
>
> luuk2@opensuse1:/home/luuk/temp> whoami
> luuk2
> luuk2@opensuse1:/home/luuk/temp> ls -l test.sqlite
> -r--r--r-- 1 luuk users 8192 May 26 18:34 test.sqlite
> luuk2@opensuse1:/home/luuk/temp> sqlite3 test.sqlite
> SQLite version 3.28.0 2019-04-16 19:49:53
> Enter ".help" for usage hints.
> sqlite> select * from test;
> 1
> 2
> sqlite> insert into test values(3);
> Error: attempt to write a readonly database
> sqlite> .q
> luuk2@opensuse1:/home/luuk/temp>
>
The OP wants *all users* to be able to update (write) the DB via the Tcl
script reading_room.tcl, but *not* by (say) running the SQLite shell or
something else. In your setup, as long as a specific user has write
permissions, *every program* the user runs can write to the DB.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
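The usual way around the limitation Adrian describes is to stop giving users write permission at all and instead give it to a dedicated group that only a setgid launcher can acquire. The following is an added example written for this page; it is not code from the thread, from the OP's reading_room.tcl, or from SQLite. It assumes a group named "readroom" that owns books.db (mode 0660) and its directory (mode 0770, so nobody outside the group can delete or replace the file), that tclsh lives at /usr/bin/tclsh and the script at /usr/local/lib/reading_room/reading_room.tcl; all of these names are assumptions. Linux ignores the setuid/setgid bits on "#!" scripts, which is why the launcher is a compiled C program rather than the Tcl script itself.

```c
/* Added example: a minimal setgid launcher for reading_room.tcl.
 * Not from the thread or the OP's program. Assumptions (hypothetical):
 *   group "readroom" owns books.db (0660) and its directory (0770),
 *   tclsh is /usr/bin/tclsh, the script is /usr/local/lib/reading_room/reading_room.tcl.
 * Install with:  chgrp readroom launcher && chmod 2755 launcher
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TCLSH  "/usr/bin/tclsh"                                  /* assumed path */
#define SCRIPT "/usr/local/lib/reading_room/reading_room.tcl"    /* assumed path */

/* Build the argv handed to execve: tclsh, the fixed script path, then the
 * caller's own arguments. The script path is hard-coded so the caller cannot
 * point the group-privileged interpreter at a script of their choosing.
 * Returns the number of non-NULL entries, or -1 if `out` is too small. */
int build_argv(char **out, size_t cap, int argc, char **argv) {
    if (cap < (size_t)argc + 2) return -1;          /* tclsh + script + args + NULL */
    out[0] = TCLSH;
    out[1] = SCRIPT;
    for (int i = 1; i < argc; i++) out[i + 1] = argv[i];
    out[argc + 1] = NULL;
    return argc + 1;
}

/* Rebuild the environment from a short whitelist. An unprivileged caller
 * must not be able to steer tclsh (TCLLIBPATH, TCL_LIBRARY) or anything the
 * script execs (PATH) into loading their code with the group's privileges.
 * Returns the number of variables in the new environment. */
int build_env(char **out, size_t cap, char **envp) {
    static const char *keep[] = {"HOME=", "USER=", "LANG=", "TERM=", NULL};
    size_t n = 0;
    for (char **e = envp; e && *e; e++) {
        for (int k = 0; keep[k]; k++) {
            if (strncmp(*e, keep[k], strlen(keep[k])) == 0 && n + 1 < cap) {
                out[n++] = *e;
                break;
            }
        }
    }
    if (n + 1 < cap) out[n++] = "PATH=/usr/bin:/bin";   /* fixed, trusted PATH */
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char **argv, char **envp) {
    /* Refuse to run if the setgid bit did not take effect (wrong chmod/chgrp,
     * nosuid mount): silently continuing would just fail later with less context. */
    if (getgid() == getegid()) {
        fprintf(stderr, "launcher: not running setgid; install with chgrp readroom && chmod 2755\n");
        return 1;
    }
    /* Make the group privilege the real gid as well, so child processes and
     * Tcl's own checks see one consistent identity. The real uid is left alone:
     * the script can still use it to tell users apart for its own login system. */
    if (setgid(getegid()) != 0) { perror("setgid"); return 1; }

    char *new_argv[argc + 2];
    char *new_env[64];
    if (build_argv(new_argv, sizeof new_argv / sizeof *new_argv, argc, argv) < 0) return 1;
    build_env(new_env, sizeof new_env / sizeof *new_env, envp);

    execve(TCLSH, new_argv, new_env);
    perror("execve");      /* only reached if the exec failed */
    return 1;
}
```

Two caveats worth keeping in mind with this design. First, the group privilege covers everything the Tcl script does while it runs, so the script must not hand the user an arbitrary SQL prompt, Tcl's `exec`, or a way to `.load` extensions, or they would have exactly the sqlite3-shell access the scheme is meant to prevent. Second, it protects the file from other programs run by ordinary users only; root, and anyone already in the readroom group, can still open books.db directly.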