From: Garrett Cooper
Date: Mon, 08 Jan 2007 21:32:14 -0800
To: freebsd-questions@freebsd.org
Subject: Re: Permissions advice needed.

Malcolm Kay wrote:
> On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
>
>> I have a curious problem.
>>
>> I need an executable file to be owned by a user's uid and gid
>> so they can run it.
>>
>
> A user does not need to own a file to be able to run it. All they
> need is execute permission. So what is the real problem?
>
>
>> HOWEVER, I don't want them to be able to modify or delete the
>> file and/or its permissions. Another program will do that.
>>
>
> Deleting or creating a file requires write access in the
> directory containing the file reference -- it has nothing to do
> with the permissions on the file itself.
>
> Malcolm
>
>
>> This, under standard Unix permissions, is a tad difficult. :-)
>>
>> ACLs don't help here as the owner of a file has the ability
>> to change permissions.
>>
>> I could set the immutable bit (Linux term for the schg flag)
>> but the modifying program does not recognise this flag and
>> will thus fail to modify the file.
>> (I have no control over the modifying program).
>>
>> Any ideas?
>>
>> I don't want to go down the line of using BSD MAC but I'm
>> starting to think I may have to just to be able to prevent
>> the user from modifying ONE file! (I'm not even sure I could
>> implement this using MAC anyway).
>>
>> Cheers,
>> Brett.

Make a specialized setuid script or program to do that, and set the
sticky bit appropriately if you don't want them to have direct access to
the file. Just make sure that others don't have access to the file.

Why does he need access to aliases though? For mail program purposes?

-Garrett
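
Added example (not part of the original thread): a small Python model of the traditional Unix permission checks discussed above, showing which of execute, modify, chmod and unlink an unprivileged user gets under different ownership layouts. The uids 1001 and 2000, the names HOME, APPDIR and SHARED, and all modes are constructed; the superuser, ACLs and file flags such as schg are not modelled.

```python
import stat
from dataclasses import dataclass

W, X = 2, 1                            # write and execute/search bits

@dataclass(frozen=True)
class Node:                            # a file or directory inode
    uid: int
    gid: int
    mode: int                          # e.g. 0o755, optionally | stat.S_ISVTX

@dataclass(frozen=True)
class Cred:                            # an unprivileged process
    uid: int
    gids: frozenset

def allowed(cred, node, want):
    """Exactly one class applies: owner, else group, else other."""
    if cred.uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in cred.gids:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & want) == want

def can_unlink(cred, d, f):
    """Removal is decided by the directory, not by the file's own mode."""
    if not allowed(cred, d, W | X):
        return False
    if d.mode & stat.S_ISVTX:          # sticky directory: owners only
        return cred.uid in (f.uid, d.uid)
    return True

def report(cred, d, f):
    search = allowed(cred, d, X)       # search permission is needed to reach f
    return {
        "execute": search and allowed(cred, f, X),
        "modify": search and allowed(cred, f, W),
        "chmod": search and cred.uid == f.uid,   # only the owner may chmod
        "unlink": can_unlink(cred, d, f),
    }

# Constructed sample data: uid 1001 is the user, uid 2000 the updating program.
USER = Cred(1001, frozenset({1001}))
HOME = Node(1001, 1001, 0o755)         # directory the user owns
APPDIR = Node(2000, 2000, 0o755)       # directory the updater account owns
SHARED = Node(0, 0, 0o777 | stat.S_ISVTX)   # /tmp-style sticky directory
```

With these layouts, `report(USER, HOME, Node(1001, 1001, 0o555))` still allows chmod and unlink, while `report(USER, APPDIR, Node(2000, 2000, 0o755))` leaves the user with execute only.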