On Mon, 16 Mar 2009, Lorenzo Fiorini wrote:
> I'm trying to find out the best way to secure dbfs.
> I already know and use the SUID and SGID but they seem not suitable
> for all envs since the files created by the app are not owned by the
> user and this doesn't allow many typical import/export features like
> sending pdfs by email with thunderbird, or export tbrowses as xls to
> openoffice calc.
> Any suggestion?

You can try umask() to control file permissions or you can
disable effective user and group IDs by seteuid(setuid())/setegid(setuid()).
Unfortunately it affects all threads so in some cases it's not a good solution
for MT programs.

Probably we will have to introduce something like _SET_UMASK to Harbour which
will be thread local. I'll think about it.
Meanwhile you can simply use:
   HB_FGETATTR( <cFile>, @<nAttr> ) -> <lOK>
   HB_FSETATTR( <cFile>, <nAttr> ) -> <lOK>

Here is the list of POSIX file attributes mapped to Harbour attributes.

/* POSIX file permission */
#define HB_FA_SUID            0x08000000     /* set user ID on execution */
#define HB_FA_SGID            0x04000000     /* set group ID on execution */
#define HB_FA_SVTX            0x02000000     /* sticky bit */
#define HB_FA_RUSR            0x01000000     /* read by owner */
#define HB_FA_WUSR            0x00800000     /* write by owner */
#define HB_FA_XUSR            0x00400000     /* execute/search by owner */
#define HB_FA_RGRP            0x00200000     /* read by group */
#define HB_FA_WGRP            0x00100000     /* write by group */
#define HB_FA_XGRP            0x00080000     /* execute/search by group */
#define HB_FA_ROTH            0x00040000     /* read by others */
#define HB_FA_WOTH            0x00020000     /* write by others */
#define HB_FA_XOTH            0x00010000     /* execute/search by others */

Probably we should add it to fileio.ch.
You can also resolve the problem by using special attributes for
directories used to export data. If you set SGID on a directory
then each file created in this directory will inherit the group from
the directory. It's quite a good and efficient method and it's not
necessary to modify code.

best regards,
Przemek
_______________________________________________
Harbour mailing list
Harbour@harbour-project.org
http://lists.harbour-project.org/mailman/listinfo/harbour
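
Added example, not part of the message above and not Harbour code: a C sketch of the first suggestion, creating an export file as the invoking user from a SUID/SGID program by temporarily dropping the effective IDs and applying a umask. The function name create_export_file, the file name and the 0666/027 values are assumptions chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` owned by the real (invoking) user from a SUID/SGID program.
 * Returns an open fd, or -1 on error. Both umask and the effective IDs are
 * process-wide, so this is not safe while other threads create files. */
int create_export_file(const char *path, mode_t mode, mode_t mask)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();

    /* Drop the group first: once a root euid is dropped, setegid may fail. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(saved_egid);
        return -1;
    }

    /* O_EXCL refuses an existing file or symlink planted at `path`. */
    mode_t old_mask = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    umask(old_mask);

    /* Regain privileges in reverse order (user first, then group). */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample path; 0666 & ~027 gives rw-r----- (0640). */
    int fd = create_export_file("report_export.pdf", 0666, 027);
    if (fd < 0) {
        perror("create_export_file");
        return 1;
    }
    close(fd);
    return 0;
}
```

The file ends up owned by the invoking user, so a mail client or spreadsheet started by that user can open it, while the data files stay reachable only through the privileged IDs.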