Isolating read access to only to one file only by another file.
I'd like to be able to set up a server application that can only READ a certain file. Say a user owns a file called "server", I don't want the user to be able to gain access to the file "huh" but I want the server (which is under that person's username) to be able to access it.
Is this possible? And most importantly which way would I do this?
If the file owner doesn't have read access for the owner (u) permission bit, then the file can't be read even if the group access allows it. You may want to test this. I read it in a 'Programming by Example' book.
I'm not sure that I understood the question. You want write only access to a certain directory for a user, to create a file that a server of some type uses?
Or perhaps you are thinking more of writing to a named pipe that the server has exclusive read access to?
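#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main (int argc, char* argv[])
{
  char* file;
  int fd;
  struct flock lock;

  /* Require the file name as the only argument. */
  if (argc != 2) {
    fprintf (stderr, "usage: %s FILE\n", argv[0]);
    return 1;
  }
  file = argv[1];

  printf ("opening %s\n", file);
  /* Open a file descriptor to the file. */
  fd = open (file, O_WRONLY);
  if (fd == -1) {
    perror ("open");
    return 1;
  }
  printf ("locking\n");
  /* Initialize the flock structure (zeroed: whole file, from offset 0). */
  memset (&lock, 0, sizeof(lock));
  lock.l_type = F_WRLCK;
  /* Place a write lock on the file. This is an advisory lock: it only
     affects other processes that also use fcntl locks on the file. */
  if (fcntl (fd, F_SETLKW, &lock) == -1) {
    perror ("fcntl");
    close (fd);
    return 1;
  }
  printf ("locked; hit enter to unlock... ");
  /* Wait for the user to hit enter. */
  getchar ();
  printf ("unlocking\n");
  /* Release the lock. */
  lock.l_type = F_UNLCK;
  fcntl (fd, F_SETLKW, &lock);
  close (fd);
  return 0;
}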
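The earlier reply's claim about the owner (u) read bit can be checked with a short program. This is an added example, not code from the thread; the function name owner_read_result and the /tmp/permtest-XXXXXX scratch path are made up for it. Run it as a non-root user, since root bypasses these permission checks.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch file owned by the caller, set its mode, and try to open
 * it read-only. Returns 0 if the open succeeded, the errno from open() if
 * it was refused, or -1 if the scratch file could not be set up. */
int owner_read_result(mode_t mode)
{
    char path[] = "/tmp/permtest-XXXXXX";   /* constructed scratch path */
    int fd = mkstemp(path);                 /* created 0600, owned by us */
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);

    int result = 0;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        result = errno;                     /* save before any other call */
    else
        close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* The kernel picks exactly one class (owner, group or other) per check.
     * The caller owns the file, so only the owner bits are consulted. */
    const mode_t modes[] = { 0400, 0040, 0004, 0044 };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++) {
        int r = owner_read_result(modes[i]);
        printf("mode %04o -> %s\n", (unsigned)modes[i],
               r == 0 ? "read allowed" : r == EACCES ? "EACCES" : "other error");
    }
    if (geteuid() == 0)
        puts("note: running as root, which bypasses these checks");
    return 0;
}
```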
We have an account called john doe.
We also have an account called joe-sixpack
John doe has a server binary in /home/jondoe/server/bin/serverbinary
Joe sixpack has a server binary in /home/joesix/server/bin/serverbinary
Server binary has a config file that it loads located in /home/<user>/server/bin/config.conf
This config file loads plugins in a "centralized location" so we don't have to have such plugins/config files in each user's account.
Server config file looks something like
loadplugin /home/shared/pluginbin/plugin.so /home/shared/plug-conf/plugin.conf
loadplugin /home/shared/pluginbin/plugin2.so /home/shared/plug-conf/plugin2.config
We want joesixpack and jon doe to:
Be able to:
Run the serverbinary under their own account name (and of course, the serverbinary needs access privileges to read the plugin and plugin config (but NOT to write))
To NOT be able to:
Give the user jondoe or joesixpack the ability to grab the plugins or configuration for such from our '/home/shared' directory.
In other words we want the serverbinary who resides and executes under each user to be able to read plugins and configs
However we DON'T want the user itself to be able to read (download or view) the plugin or its config
So... in other words... have the serverbinary have read access to a file ---- have the user itself not have read-access
(Yet have the binary run under the users name)
So... in other words -- giving one individual file read-access to another file... rather than giving the entire user read-access
Is this impossible for this current setup we have?