The normal problem of an application first creating and then writing to the
file is not an issue
here as I can change the App to always write to a temporary directory on the
same partition
and then move the file there.
What's the best way to implement such a "write once only" directory?
Alternatives I am thinking about:
a Change the Ownership of the file programmatically from the application if
possible(?)
b Write a service on the Server that gets notified as soon as a new file is
placed in the directory
and changes its permissions/owner
The solution has to be sound in order to prevent even knowledgable
users/developers from modifing
files after they were initially placed in the directory.
Thanks for your Ideas
Erwin
> I understand that I can change the Directory to "Add & Read"
> permissions but then the owner of the newly created file can
> still modify its permissions(?).
Yes, because the owner of a file can always change the permissions,
no matter what the ACL says.
> Alternatives I am thinking about:
>
> a Change the Ownership of the file programmatically from the
> application if possible(?)
You can't (easily) give away ownership, so this won't work.
> b Write a service on the Server that gets notified as soon as a
> new file is placed in the directory and changes its
> permissions/owner
This can be made to work, since the service can run under a
different account from whatever created the files, and will
be able to take ownership (if it is sufficiently priviledged).
-je-
That is not necessarily true. When the file/folder is moved within the same
partition, it is simply a matter of changing
directory entries. No data of the file has to be moved.
Erwin