Quote:
Originally posted by hedrict
Help!!
I am trying to give users the ability to manipulate a file via a script that was written but I don't want the users (group of Sterling) to have write permission (for fear that it'll get deleted by accident) when using regular shell commands.
The only options that I can think of are:
a) make the file group writeable, in which case they could delete it using shell commands
or b) Make your script which manipulates the file SUID, and make the file mode 600. Drawback to this is that SUID scripts can be used to gain shell command access if not programmed extremely carefully. (make it SUID-cdunix not SUID-root)