Quote:
Originally Posted by chrism01
Give it a try on a test file/dir. I suspect that the owner could (should be able to) change the perms.
You're right about the owner being able to change the permissions. But I'm almost positive I saw an example somewhere of using regular permissions and owner:group assignments to exclude a single user from accessing a particular file.
I tested something like my 1st example and found a combination that seems to work; see what you think.
Code:
$ ls -ld . # working directory owned by root:root
drwxr-xr-x 11 root root 4096 2009-10-27 21:28 .
$ # File is owned by root, group set to username to be excluded
$ # My regular name on system is lwasserm
$ ls -l TestFile # File permissions set to 707
-rwx---rwx 1 root lwasserm 13 2009-10-27 21:28 TestFile
$ cat TestFile
cat: TestFile: Permission denied
$ sudo cat TestFile
Hello World
$ rm TestFile
rm: remove write-protected regular file `TestFile'? y
rm: cannot remove `TestFile': Permission denied
$ chmod g+rw TestFile
chmod: changing permissions of `TestFile': Operation not permitted
$ rm TestFile
rm: remove write-protected regular file `TestFile'? y
rm: cannot remove `TestFile': Permission denied
$
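The denial in the transcript above comes from how traditional mode bits are evaluated: exactly one class (owner, then group, then other) is chosen, and only that class's bits are consulted. The following is an added example, not part of the original post, that models this selection and lists files carrying the same "other has more than group" pattern; the function names are hypothetical and the numeric uids/gids are constructed.

```shell
#!/bin/sh
# Added example. Models the check for traditional mode bits only:
# no ACLs, and the caller is not root (root bypasses the mode bits).

# perm_class FILE_UID FILE_GID USER_UID "USER_GIDS"
# Exactly one class applies, first match wins: owner, group, other.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for gid in $4; do
        if [ "$gid" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_access MODE FILE_UID FILE_GID USER_UID "USER_GIDS" WANT
# WANT is 4 (read), 2 (write) or 1 (execute). Exit status 0 means allowed.
can_access() {
    m=${1#"${1%???}"}                    # keep the last three octal digits
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) digit=${m%??} ;;
        group) digit=${m#?}; digit=${digit%?} ;;
        other) digit=${m#??} ;;
    esac
    [ $(( digit & $6 )) -ne 0 ]
}

# group_excluded_files DIR
# Lists regular files where "other" holds a bit that "group" lacks, the
# pattern used in the post to shut out members of the file's group.
group_excluded_files() {
    find "$1" -type f \( \
        \( -perm -004 ! -perm -040 \) -o \
        \( -perm -002 ! -perm -020 \) -o \
        \( -perm -001 ! -perm -010 \) \)
}

# Constructed IDs: the file is owned by uid 0 with group 1000 and mode 707.
# The excluded user is uid 1000 in group 1000; another user is uid 1001.
if can_access 707 0 1000 1000 "1000 4 24" 4; then echo "excluded user: read allowed"
else echo "excluded user: read denied"; fi
if can_access 707 0 1000 1001 "1001" 4; then echo "other user: read allowed"
else echo "other user: read denied"; fi
```

The `rm` and `chmod` failures in the transcript are separate checks: removing a file needs write permission on the directory (root-owned, 755 here), and only the file's owner or root may change its mode.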