Date:      Tue, 9 Jan 2007 15:32:40 +1030
From:      Malcolm Kay <malcolm.kay@internode.on.net>
To:        freebsd-questions@freebsd.org
Cc:        Brett Davidson <brett@net24.co.nz>
Subject:   Re: Permissions advice needed.
Message-ID:  <200701091532.40944.malcolm.kay@internode.on.net>
In-Reply-To: <60224D09909C0B43A50935A0893D8FF31DA320@srv.exchange.net24.net.nz>
References:  <60224D09909C0B43A50935A0893D8FF31DA320@srv.exchange.net24.net.nz>

On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
> I have a curious problem.
>
> I need an executable file to be owned by a user's uid and gid
> so they can run it.

A user does not need to own a file to be able to run it. All they 
need is execute permission. So what is the real problem?

> HOWEVER, I don't want them to be able to modify or delete the
> file and/or its permissions. Another program will do that.

Deleting or creating a file requires write access in the 
directory containing the file reference -- it has nothing to do 
with the permissions on the file itself.

Malcolm

>
> This, under standard Unix permissions, is a tad difficult. :-)
>
> ACLs don't help here as the owner of a file has the ability
> to change permissions.
>
> I could set the immutable bit (Linux term for the schg flag)
> but the modifying program does not recognise this flag and
> will thus fail to modify the file.
> (I have no control over the modifying program).
>
> Any ideas?
>
> I don't want to go down the line of using BSD MAC but I'm
> starting to think I may have to just to be able to prevent
> the user from modifying ONE file! (I'm not even sure I could
> implement this using MAC anyway).
>
> Cheers,
> Brett.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
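Added example, not part of the original message or thread: a Python check that applies the two rules from the reply above (execute needs only the x bit, deletion depends on the directory) plus the owner-can-chmod point from the quoted question. The function name `rights`, the `demo` helper and the non-owner uid are hypothetical; ACLs, file flags such as schg, MAC and root's override are not modelled, and only the immediate parent directory is examined.

```python
import os
import stat
import tempfile

def rights(path, uid, gids):
    """What an ordinary (non-root) uid may do to path under classic Unix modes."""
    path = os.path.abspath(path)
    f = os.stat(path)
    d = os.stat(os.path.dirname(path))

    def bits(st):
        # Exactly one permission triplet applies: owner, else group, else other.
        if uid == st.st_uid:
            return (st.st_mode >> 6) & 7
        if st.st_gid in gids:
            return (st.st_mode >> 3) & 7
        return st.st_mode & 7

    fb, db = bits(f), bits(d)
    dir_wx = (db & 3) == 3                    # write + search on the directory
    sticky = bool(d.st_mode & stat.S_ISVTX)   # sticky bit restricts unlinking
    return {
        "execute": bool(fb & 1) and bool(db & 1),
        "modify": bool(fb & 2),
        "chmod": uid == f.st_uid,             # only the file's owner may chmod
        "delete": dir_wx and (not sticky or uid in (f.st_uid, d.st_uid)),
    }

def demo():
    """Constructed case: a 0755 program judged for a uid that does not own it."""
    tmp = tempfile.mkdtemp()
    prog = os.path.join(tmp, "prog")
    open(prog, "w").close()
    os.chmod(prog, 0o755)
    user = os.stat(prog).st_uid + 1000        # hypothetical non-owner uid
    out = {}
    for label, mode in (("dir 0755", 0o755), ("dir 0777", 0o777), ("dir 1777", 0o1777)):
        os.chmod(tmp, mode)
        out[label] = rights(prog, user, set())  # member of neither group
    os.chmod(tmp, 0o700)
    os.remove(prog)
    os.rmdir(tmp)
    return out

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

With the directory at 0755 the non-owner can run the program but cannot modify, chmod or delete it; making the directory world-writable (0777) lets them delete it regardless of the file's own mode, and the sticky bit (1777) removes that again.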


