From: Malcolm Kay
Organization: at home
To: freebsd-questions@freebsd.org
Cc: Brett Davidson
Date: Tue, 9 Jan 2007 15:32:40 +1030
Subject: Re: Permissions advice needed.

On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
> I have a curious problem.
>
> I need an executable file to be owned by a user's uid and gid
> so they can run it.

A user does not need to own a file to be able to run it.
All they need is execute permission. So what is the real problem?

> HOWEVER, I don't want them to be able to modify or delete the
> file and/or its permissions. Another program will do that.

Deleting or creating a file requires write access in the directory
containing the file reference -- it has nothing to do with the
permissions on the file itself.

Malcolm

>
> This, under standard Unix permissions, is a tad difficult. :-)
>
> ACLs don't help here as the owner of a file has the ability
> to change permissions.
>
> I could set the immutable bit (Linux term for the schg flag)
> but the modifying program does not recognise this flag and
> will thus fail to modify the file.
> (I have no control over the modifying program).
>
> Any ideas?
>
> I don't want to go down the line of using BSD MAC but I'm
> starting to think I may have to just to be able to prevent
> the user from modifying ONE file! (I'm not even sure I could
> implement this using MAC anyway).
>
> Cheers,
> Brett.
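
The two points made in the reply above (running a file needs execute permission, not ownership; deleting it depends on write access to the containing directory), as an added example that is not part of the original message. It models the classic owner/group/other check for an unprivileged user; the names Node and audit and all uid/gid values are constructed for illustration, and ACLs, file flags such as schg, and MAC are not modelled.

```python
import stat
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

@dataclass
class Node:
    """Owner, group and mode of a file or directory (as os.stat reports them)."""
    uid: int
    gid: int
    mode: int

def allowed(node, uid, gids, want):
    """Classic Unix check: only ONE triplet applies (owner, else group, else other)."""
    if uid == node.uid:
        shift = 6
    elif node.gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((node.mode >> shift) & want)

def audit(file, directory, uid, gids):
    """What an unprivileged uid can do to `file`, which lives in `directory`."""
    search = allowed(directory, uid, gids, X)          # needed to reach the file at all
    unlink = search and allowed(directory, uid, gids, W)
    if directory.mode & stat.S_ISVTX and uid not in (file.uid, directory.uid):
        unlink = False                                 # sticky dir protects other users' files
    return {
        "execute": search and allowed(file, uid, gids, X),
        "modify": search and allowed(file, uid, gids, W),
        "delete": unlink,                              # depends on the directory, not the file
        "chmod": uid == file.uid,                      # only the owner (or root) may chmod
    }

# Constructed sample values: uid/gid 1001 is the user, 0 is root/wheel.
USER, GIDS = 1001, {1001}
root_dir = Node(0, 0, 0o755)
home_dir = Node(1001, 1001, 0o755)

# File owned by the user, write bit cleared, in the user's own directory.
owned_by_user = audit(Node(1001, 1001, 0o555), home_dir, USER, GIDS)
# File owned by root, world-executable, in a root-owned directory.
owned_by_root = audit(Node(0, 0, 0o555), root_dir, USER, GIDS)

if __name__ == "__main__":
    print("user-owned:", owned_by_user)
    print("root-owned:", owned_by_root)
```

In the user-owned case the cleared write bit is not a real barrier, since the owner can chmod it back or unlink the file through the writable directory; in the root-owned case the user can still execute the file but cannot modify, delete or chmod it.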