MikeG wrote on Tue, Mar 28, 2006 at 01:00:32PM +0100:
> Marco Fretz wrote:

>> I've got a little problem. I have to remove some files in a shell
>> script that are not owned or writable by the user the shell script
>> runs.

> You only need write access to the directory to delete files (unless the 
> sticky bit is set).  Make the dir writable by a group the shell script 
> runs as.

IMHO, this is very bad advice (at least unless you know much more
about the context of Marco's question).

Directory write access is very powerful.  It allows not only
deleting files, but also creating new files and changing the ownership
of files (by copying them and deleting the original), and thus
ultimately changing the contents of all files in the directory.

On top of that, depending on the context, it might be a bad idea
to make the whole shell script SGID - this is a possible violation
of the principle of least privilege.

>> Is there a way to give this user write access only to the files
>> needed to remove by the shell script (with sudo nopasswd)?

An alternative to using `sudo rm` directly might be to write a small
C program calling unlink(2) as needed.  You might either install
this program SGID to a dedicated group or configure sudo in order
to run it.  It depends on your particular task whether this 
alternative is less error-prone, more to the point or just overkill.

In any case, all this is hardly OpenBSD specific.

-- 
Ingo Schwarze <[EMAIL PROTECTED]>
http://www.usta.de/
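
A sketch of the small unlink(2) helper suggested in the message above, as an added example that is not part of the original mail. The directory `SPOOL_DIR` and the names in `ALLOWED` are assumed placeholder values; the helper removes only those exact names inside that one directory, so the caller never gets general write access to it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed placeholder values: adjust to the one directory and the
 * exact file names the script is supposed to clean up. */
static const char *const SPOOL_DIR = "/var/spool/example";
static const char *const ALLOWED[] = { "job.lock", "stale.pid", NULL };

/* Return 1 only for an exact allow-list match; any name containing
 * a '/' is refused, so no path can leave the directory. */
int name_is_allowed(const char *name)
{
    if (name == NULL || strchr(name, '/') != NULL)
        return 0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(name, ALLOWED[i]) == 0)
            return 1;
    return 0;
}

/* Remove one allow-listed entry relative to dirfd.
 * Returns 0 on success, -1 with errno set on refusal or error.
 * unlinkat() with flags 0 removes the directory entry itself: it
 * does not follow a symlink and it fails on a subdirectory. */
int remove_allowed(int dirfd, const char *name)
{
    if (!name_is_allowed(name)) {
        errno = EPERM;
        return -1;
    }
    return unlinkat(dirfd, name, 0);
}

int main(int argc, char *argv[])
{
    int status = 0;
    int dirfd = open(SPOOL_DIR, O_RDONLY | O_DIRECTORY);
    if (dirfd == -1) { perror(SPOOL_DIR); return 1; }
    for (int i = 1; i < argc; i++)
        if (remove_allowed(dirfd, argv[i]) == -1) {
            perror(argv[i]);   /* report and continue with the rest */
            status = 1;
        }
    close(dirfd);
    return status;
}
```

Installed SGID to a dedicated group that has write access to the directory, or run through a sudo rule limited to this one binary, the helper gives the script the ability to delete these files and nothing else.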
