2

I want to be able to have a r,w,x type permission given to specific processes and not to users. Any document I find shows that processes get the same permissions as the user calling it, but I want different processes to have different permissions even on the same user.

Is there a way to achieve this?

Improve this question
5
  • You can make your processes setuid or setgid to another user or group. However, please note that you are working against the very basic principles of the operating system. Commented Nov 23, 2016 at 11:38
  • @AlexP The following link shows that that won't work though. unix.stackexchange.com/questions/206289/… Commented Nov 23, 2016 at 11:40
  • @AlexP And even if it did work, I want a process to be able to access fileA but not fileB for the same user. If I change the setuid for the process, even if a user created fileA, he may not be able to access it anymore using that said process. Commented Nov 23, 2016 at 11:42
  • Setuid and setgid bits absolutely do work. The link provided discusses a well known behavior of GNU/Linux systems. Commented Nov 23, 2016 at 11:43
  • 1
    Access rights are determined by the effective user id and effective group id of a process. Normally a process gets its EUID and EGID from the invoking process, but it may also take them from the owner or group of the image which is exec'd, if the appropriate bits are set in the access mode of the image. Use man 7 credentials for more details. Commented Nov 23, 2016 at 11:47

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.