Is it possible to limit access to a file by a program?

The problem I have is that users run a program under their UID and it accesses a file. I want that file not to be accessible to them through the file system.

The program is java -jar myProgram.jar filePathAsParameter

Thank you

Alex
  • The file should be owned by your user, and must have permissions r,w,x only for your user!
    chown user:group file ; chmod 700 file ( sudo chown $USER:$USER /path/to/file ; sudo chmod 700 /path/to/file; )
    – Yunus Jul 13 '16 at 23:53
  • @younes that way the users won't be able to access the file through the java program that they run. – ojs Jul 14 '16 at 00:00
  • @Alex, do your users have to run the program under their own UID? Or can they run it as someone else? If so, then you can change the permissions on your file like younes suggests and then use setuid on the java file to run the program as another user who has access to the file. – ojs Jul 14 '16 at 00:09
  • They have to use their own UID – Alex Jul 14 '16 at 00:46
  • Then you might use a group and setgid for that control. This is how, for example, games are usually configured to protect access to the top scores file. – MAP Jul 14 '16 at 00:54
  • @MAP, are you suggesting to setgit to the jar or the file (the one I want to restrict permission)? – Alex Jul 14 '16 at 01:27
  • You need whatever is the executable to be setgid (there's no git involved :-). Depending on details which I don't know that may require a shim. setgid is just like setuid except it uses group permissions. I swear I just wrote this answer somewhere yesterday. – MAP Jul 14 '16 at 01:39
  • OK, I found that other answer. It's not exactly tailored to your situation, but might help. – MAP Jul 14 '16 at 01:41
  • @MAP Not working... The program which actually is executed is java – Alex Jul 14 '16 at 02:00
  • You need a shim in that case. I'm too busy to write this answer at this moment, I'll try and write this up as a full answer tomorrow. – MAP Jul 14 '16 at 02:04
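
The setgid shim discussed in the comments above, sketched as an added example (not code posted by any commenter). The paths and the group name `myapp` are hypothetical placeholders; the shim keeps the caller's UID, takes on the file's group, and starts the JVM with a fixed command line and environment.

```c
/* Added example: setgid shim for a Java program. All paths are placeholders. */
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

#define JAVA_BIN  "/usr/bin/java"             /* assumed JVM location */
#define JAR_PATH  "/opt/myapp/myProgram.jar"  /* hypothetical; not user-writable */
#define DATA_PATH "/var/lib/myapp/data.file"  /* hypothetical; 0660, group myapp */

/* Fixed argv: nothing from the caller's command line reaches the JVM,
 * so users cannot add JVM options or point the program at another file. */
static char *const child_argv[] = { "java", "-jar", JAR_PATH, DATA_PATH, NULL };

/* Fixed environment: drops LD_PRELOAD, JAVA_TOOL_OPTIONS, _JAVA_OPTIONS,
 * CLASSPATH and anything else the caller exported. */
static char *const child_envp[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Copy the effective GID (granted by the setgid bit) into the real and
 * saved GID. With rgid == egid the kernel does not flag the next exec as
 * privilege-elevated; the shim's fixed environment takes over the filtering
 * the loader would otherwise do. The UID is left untouched. Returns 0 on success. */
int adopt_effective_gid(void)
{
    gid_t g = getegid();
    if (setresgid(g, g, g) != 0)
        return -1;
    return (getgid() == g && getegid() == g) ? 0 : -1;
}

/* Number of arguments the JVM will receive (excluding the NULL). */
int child_argc(void)
{
    int n = 0;
    while (child_argv[n] != NULL)
        n++;
    return n;
}

int main(void)
{
    if (adopt_effective_gid() != 0) {
        perror("setresgid");
        return 1;
    }
    execve(JAVA_BIN, child_argv, child_envp);
    perror("execve");   /* only reached if the exec failed */
    return 127;
}
```

For this to restrict access, the compiled shim would be owned by root with group `myapp` and mode 2755, the data file would be mode 0660 with group `myapp`, and users would not be members of that group. The JAR and the shim must not be writable by the users, since whatever they run here gets the group's access to the file.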
