Hello!
When an interactive application is launched, files from its directory (/var/www/ood/apps/sys/…) are copied to the directory /home/$USER/ondemand/dev/… (for example, the files before.sh.erb, script.sh.erb and after.sh.erb).
When copying, the owner of the file changes to the user who launched the interactive application. Accordingly, the user gets the opportunity to edit these files and restart the application with new settings.
Is there a possibility:
– when copying files do not change the owner ?
– or change the rights to the copied files by removing “write” rights?
Unprivileged users cannot change the ownership of a file to someone other than themselves. So no to the first question - that’s a Linux security thing, you wouldn’t want folks to be able to do that because if they could, then they could likely change the ownership of any file to anyone.
To the second question of write permissions - what’s to stop someone from chmod +w
on these files? They own the files after all.
I guess I should ask what the issue you’re reporting is? They can’t modify settings on the system level - any setting modification would only impact them, why shouldn’t they be able to modify their own job?
Also note that you can chmod -w
or similar in the script.sh.erb
directly to apply different file permissions, though again, they’ll just be able to chmod +w
on them later.