Date: Tue, 9 Jan 2007 08:43:11 +1300 From: "Brett Davidson" <brett@net24.co.nz> To: <freebsd-questions@freebsd.org> Subject: Permissions advice needed. Message-ID: <60224D09909C0B43A50935A0893D8FF31DA320@srv.exchange.net24.net.nz>
next in thread | raw e-mail | index | archive | help
I have a curious problem. I need an executable file to be owned by a user's uid and gid so they can run it. HOWEVER, I don't want them to be able to modify or delete the file and/or it's permissions. Another program will do that. This, under standard Unix permissions, is a tad difficult. :-) ACL's don't help here as the owner of a file has the ability to change permissions. I could set the immutable bit (Linux term for the schg flag) but the modifying program does not recognise this flag and will thus fail to modify the file. (I have no control over the modifying program). Any ideas? I don't want to go down the line of using BSD MAC but I'm starting to think I may have too just to be able to prevent the user from modifying ONE file! (I'm not even sure I could implement this using MAC anyway). Cheers, Brett.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?60224D09909C0B43A50935A0893D8FF31DA320>