[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to set access permissions to protect a database file?

	Hi.

On Sun, Jun 09, 2019 at 06:32:42PM -0300, Markos wrote:
> Many thanks to Mick, David and Joe,
> 
> To guarantee "some" protection to the file containing the database I decided to use the following strategy:
> 
> I created, as root, the directory /home/reading_room
> 
> And activated the "sticky bit" of the reading_room directory with the command:
> 
> chmod +t /home/reading_room/
> 
> And transferred, the files to the new directory with the following access permissions:
> 
> reading_room.tcl  rwxr--r-x  (owner markos)
> 
> reading_room.db rw-r--rw- (owner markos)
> 
> This way other users can run the reading_room.tcl program but can't  but not edit.

Try it someday.

cd /tmp
echo foo 1.db
chmod 646 1.db
echo bar | sudo -u nobody tee /tmp/1.db >/dev/null
cat 1.db

Sticky bit combined with 'w' allows user to overwrite (or append) the
file.

> And can't delete the files (.tcl or .db)

That's true, and since most editors try to use "create temporary file
and move it along the original" - you mistook it for "other users cannot
edit the file".

Reco
Reply to: