On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote: > I have a curious problem. > > I need an executable file to be owned by a user's uid and gid > so they can run it.
A user does not need to own a file to be able to run it. All they need is execute permission. So what is the real problem? > HOWEVER, I don't want them to be able to modify or delete the > file and/or it's permissions. Another program will do that. Deleting or creating a file requires write access in the directory containg the file reference -- it has nothing to do with the permissions on the file itself. Malcolm > > This, under standard Unix permissions, is a tad difficult. :-) > > ACL's don't help here as the owner of a file has the ability > to change permissions. > > I could set the immutable bit (Linux term for the schg flag) > but the modifying program does not recognise this flag and > will thus fail to modify the file. > (I have no control over the modifying program). > > Any ideas? > > I don't want to go down the line of using BSD MAC but I'm > starting to think I may have too just to be able to prevent > the user from modifying ONE file! (I'm not even sure I could > implement this using MAC anyway). > > Cheers, > Brett. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"