On Sat, 25 May 2019 20:49:31 -0300 Markos <mar...@c2o.pro.br> wrote: > Hi, > > I made a program (reading_room.tcl), with Sqlite running on Debian 9, > to control the books of a reading room. > > I implemented an authentication system for common users and > administrator users in the reading_room program. > > Now I want that any user logged in the Linux be able to run the > program reading_room.tcl, which will access the database (books.db) > > But I want to protect the file books.db so that only the the program > reading_room.tcl can access the books.db file. But that no user could > delete or write to the file books.db (only the program > reading_room.tcl) > > Please, how can I configure the system to do that? > > How to define the permissions? >
I hate to say this, but this is why database management applications have their own self-contained authentication and permissions systems. Filesystem controls, even with granular ACL add-ons, are not generally adequate for database work. DBMS authentication allows access control down to individual fields and distinguishes between database management actions and simple data access. This may be the time to learn about MySQL/mariadb. No, it's not a resource hog like SQL Server, it will run happily on a small computer. I used to run it with fairly decent speed on an Atom-based netbook, and I had about twenty databases on a 256MB RAM desktop that I used to use as a home server. The other point is that if your reading room expands to multiple computers, sqlite isn't an ideal solution for a shared database. It has the same drawback as MS Access files in that a network glitch can break the file. Any SQL server is designed for network use and will handle connection problems robustly. -- Joe
