On 26/5/19 9:10 PM, Graham Holden wrote:
> You should probably also make sure that users cannot alter the tcl
> file through which they access the database file; probably something
> like:
>
> chown reading_room /path/to/reading_room.tcl
> chmod 644 /path/to/reading_room.tcl

Good point. In fact, since most Linux distros (including Debian, I think) create a dedicated eponymous group by default for each new user, this can be tightened further:

chown reading_room /path/to/reading_room.tcl
chgrp aho /path/to/reading_room.tcl
chmod 560 /path/to/reading_room.tcl

That leaves me able to edit the script without fancy sudo footwork, while ensuring that everyone (including me) needs to sudo as user "reading_room" to actually run it.
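
Added example, not part of the original message: a shell function that audits the ownership and mode 560 layout described above and reports any drift. The function name check_script_perms, the extra parent-directory check, and the reliance on GNU stat (coreutils, as on Debian) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU stat (coreutils).
#
# check_script_perms PATH OWNER GROUP
#   Returns 0 only if PATH is a regular file (not a symlink) owned by
#   OWNER:GROUP with mode 560, and its directory is not group/other-writable.
#   Returns 1 on any mismatch, 2 if PATH cannot be audited at all.
check_script_perms() {
    path=$1 want_owner=$2 want_group=$3
    rc=0

    # A symlink could point the wrapper at a file with different permissions.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: not a regular file" >&2
        return 2
    fi

    owner=$(stat -c %U "$path")
    group=$(stat -c %G "$path")
    mode=$(stat -c %a "$path")

    [ "$owner" = "$want_owner" ] ||
        { echo "$path: owner is $owner, expected $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "$path: group is $group, expected $want_group" >&2; rc=1; }
    # 560 = owner r-x (run only), group rw- (edit only), others no access.
    [ "$mode" = "560" ] ||
        { echo "$path: mode is $mode, expected 560" >&2; rc=1; }

    # Write access to the directory allows replacing the file regardless of
    # the file's own mode. Conservative: a sticky directory is flagged too.
    dir=$(dirname -- "$path")
    dmode=$(stat -c %a "$dir")
    group_w=$(( ((dmode / 10) % 10) & 2 ))
    other_w=$(( (dmode % 10) & 2 ))
    if [ "$group_w" -ne 0 ] || [ "$other_w" -ne 0 ]; then
        echo "$dir: directory mode $dmode is group/other-writable" >&2
        rc=1
    fi

    return "$rc"
}

# Usage, with the names from the message above:
#   check_script_perms /path/to/reading_room.tcl reading_room aho
```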