On 26/5/19 9:10 PM, Graham Holden wrote:
> You should probably also make sure that users cannot alter the tcl
> file through which they access the database file; probably something
> like: 
>
> chown reading_room /path/to/reading_room.tcl
> chmod 644 /path/to/reading_room.tcl

Good point. In fact, since most Linux distros (including Debian, I
think) create a dedicated eponymous group by default for each new user,
this can be tightened further:

chown reading_room /path/to/reading_room.tcl
chgrp aho /path/to/reading_room.tcl
chmod 560 /path/to/reading_room.tcl

That leaves me able to edit the script without fancy sudo footwork,
while ensuring that everyone (including me) needs to sudo as user
"reading_room" to actually run it.
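
An audit of the layout described in this message, as an added example that is not part of the original thread: the function checks a script's owner, group and mode against expected values and also flags write access for "other" on the file or its directory. It assumes a `stat` that supports `-c` (GNU coreutils or BusyBox); the helper name `check_script_perms` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes stat(1) with -c (GNU/BusyBox).
# check_script_perms FILE OWNER GROUP MODE   (hypothetical helper name)
# Prints one line per finding and returns 0 only when there are none.
# Usage with the thread's values:
#   check_script_perms /path/to/reading_room.tcl reading_room aho 560
check_script_perms() {
    file=$1; want_owner=$2; want_group=$3; want_mode=$4
    rc=0
    if [ ! -f "$file" ]; then echo "not a regular file: $file"; return 2; fi
    # -f follows symlinks, so a link that could be re-pointed is reported.
    if [ -L "$file" ]; then echo "is a symlink: $file"; rc=1; fi

    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$file")
    mode=$1; owner=$2; group=$3
    [ "$owner" = "$want_owner" ] || { echo "owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "group is $group, expected $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "mode is $mode, expected $want_mode"; rc=1; }

    # Whatever mode was expected, "other" must not be able to write the script.
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then echo "file is world-writable"; rc=1; fi

    # A world-writable directory without the sticky bit lets any user rename
    # or replace the script, whatever the file's own mode is.
    dmode=$(stat -c '%a' "$(dirname "$file")")
    if [ $(( 0$dmode & 0002 )) -ne 0 ] && [ $(( 0$dmode & 01000 )) -eq 0 ]; then
        echo "directory is world-writable without sticky bit"; rc=1
    fi
    return $rc
}
```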

