On 20/12/2010 19:26, Geoff Nordli wrote:
>> I guess he has some application he can imprison into a specific read-only
>> subdirectory, while some other application should be able to read/write or
>> something like that, using the same username, on the same machine.
> It is the same application, but for some functions it needs to use read-only
> access or it will modify the files when I don't want it to.
Another alternative is if the application is running on Solaris then
you can run it with the basic file_write privilege removed. This basic
privilege was added for exactly this type of use case.
$ ppriv -e -s EPIL=basic,!file_write myapp
If it is being started by an SMF service you can remove file_write in
the method_credential section - see smf_method(5).
--
Darren J Moffat
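
For the SMF case mentioned in the message above, a manifest fragment along these lines drops file_write for the start method. This is an added example, not part of the original message; the exec path, user, group and timeout are placeholders, and setting limit_privileges as well is an assumption made to mirror the L in the EPIL of the ppriv command.

```xml
<!-- Added example: start method for a hypothetical service.
     exec path, user, group and timeout are placeholders. -->
<exec_method type='method' name='start'
             exec='/opt/myapp/bin/myapp'
             timeout_seconds='60'>
  <method_context>
    <!-- privileges: the basic set with file_write removed, the same
         specification passed to ppriv above.
         limit_privileges: caps what the process and its children can
         ever acquire, so file_write cannot be regained later. -->
    <method_credential user='myapp' group='myapp'
                       privileges='basic,!file_write'
                       limit_privileges='basic,!file_write'/>
  </method_context>
</exec_method>
```

Once the service is running, `ppriv <pid>` on the method's process lists its privilege sets, which is a quick way to confirm file_write is absent.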