[rsbac] weird question...
Amon Ott
ao at rsbac.org
Tue Sep 6 15:29:50 CEST 2005
On Dienstag 06 September 2005 15:18, Andrea Pasquinucci wrote:
> I have various questions to ask in this and following messages. I
start
> from the most difficult. I would like to have a directory where:
>
> - one particular Role can create files and write in them
> - once created and written the first time, the file cannot be
modified
> by anyone
> - the same Role is able to change the atime and mtime (and ctime) of
all
> files in this directory
An idea:
For that role:
- Set a def_fd_ind_create_type for the dir's type to be a type with
write access for the role
- Allow to ASSIGN the final type (which noone has write rights to)
- Allow MODIFY_ATTRIBUTE on the def_fd_ind_create_type
Then just call
"attr_set_file_dir FILE <filename> rc_type_fd <finaltype>"
after closing.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde abgetrennt...
Dateiname : nicht verf?gbar
Dateityp : application/pgp-signature
Dateigr??e : 189 bytes
Beschreibung: nicht verf?gbar
URL : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050906/bb8c3dba/attachment.bin
More information about the rsbac
mailing list