On Tue, 9 Jan 2007 04:02 pm, Garrett Cooper wrote:
> Malcolm Kay wrote:
> > On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
> >> I have a curious problem.
> >>
> >> I need an executable file to be owned by a user's uid and
> >> gid so they can run it.
> >
> > A user does not need to own a file to be able to run it. All
> > they need is execute permission. So what is the real
> > problem?
> >
> >> HOWEVER, I don't want them to be able to modify or delete
> >> the file and/or its permissions. Another program will do
> >> that.
> >
> > Deleting or creating a file requires write access in the
> > directory containing the file reference -- it has nothing to
> > do with the permissions on the file itself.
> >
> > Malcolm
> >
> >> This, under standard Unix permissions, is a tad difficult.
> >> :-)
> >>
> >> ACLs don't help here as the owner of a file has the
> >> ability to change permissions.
> >>
> >> I could set the immutable bit (Linux term for the schg
> >> flag) but the modifying program does not recognise this
> >> flag and will thus fail to modify the file.
> >> (I have no control over the modifying program).
> >>
> >> Any ideas?
> >>
> >> I don't want to go down the line of using BSD MAC but I'm
> >> starting to think I may have to just to be able to prevent
> >> the user from modifying ONE file! (I'm not even sure I
> >> could implement this using MAC anyway).
> >>
> >> Cheers,
> >> Brett.
>
> Make a specialized setuid script or program to do that, and
> set the sticky bit appropriately if you don't want them to
> have direct access to the file. Just make sure that others
> don't have access to the file.
>
> Why does he need access to aliases though? For mail program
> purposes? -Garrett

I think you may have mixed up two threads with very similar
subject lines. I see no reference to aliases in this thread.
(Confusing, isn't it?)

Malcolm

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
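
The two points made in the thread (running a file needs execute permission rather than ownership, and deletion is decided by the containing directory), as an added example that is not part of the original messages. It models only the classic Unix mode-bit checks (no ACLs, no file flags such as schg, no root override); the uids, gids and modes are constructed.

```python
import stat
from collections import namedtuple

# Stand-in for the os.stat() fields the checks use (constructed sample data below).
Node = namedtuple("Node", "uid gid mode")

W, X = 2, 1

def allowed(node, uid, gids, want):
    """Classic mode-bit check: exactly one class (owner, group or other) applies."""
    if uid == node.uid:
        shift = 6
    elif node.gid in gids:
        shift = 3
    else:
        shift = 0
    return ((node.mode >> shift) & want) == want

def can_execute(f, d, uid, gids):
    # Search permission on the directory plus x on the file; ownership plays no part.
    return allowed(d, uid, gids, X) and allowed(f, uid, gids, X)

def can_modify(f, d, uid, gids):
    return allowed(d, uid, gids, X) and allowed(f, uid, gids, W)

def can_chmod(f, uid):
    # Only the file's owner may change its mode, whatever the mode currently is.
    return uid == f.uid

def can_delete(f, d, uid, gids):
    # unlink() consults the directory, not the file's own mode.
    if not allowed(d, uid, gids, W | X):
        return False
    if d.mode & stat.S_ISVTX:  # sticky directory: only file or directory owner
        return uid in (f.uid, d.uid)
    return True

def summary(f, d, uid, gids):
    return (can_execute(f, d, uid, gids), can_modify(f, d, uid, gids),
            can_chmod(f, uid), can_delete(f, d, uid, gids))

USER, ROOT = 1001, 0  # constructed ids
# (execute, modify, chmod, delete) for the user in three layouts:
root_owned = summary(Node(ROOT, 0, 0o755), Node(ROOT, 0, 0o755), USER, [USER])
user_owned = summary(Node(USER, USER, 0o555), Node(USER, USER, 0o755), USER, [USER])
sticky_dir = summary(Node(ROOT, 0, 0o755), Node(ROOT, 0, 0o1777), USER, [USER])

if __name__ == "__main__":
    for name in ("root_owned", "user_owned", "sticky_dir"):
        print(name, globals()[name])
```

The `user_owned` row shows why ownership works against the stated goal: a read-only mode does not stop the owner from running chmod or from unlinking the file in a directory they can write to.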