Re: Proposal: restrict link(2)

Paul Slootman (paul@wau.mis.ah.nl)
Mon, 16 Dec 1996 18:31:52 GMT


Dan Merillat <owner-linux-kernel@vger.rutgers.edu> wrote:
>
>harik@chaos:~$ ls -alt ~/hidden
>total 12
>drwx------ 2 harik admin 1024 Dec 13 14:51 .
>-rwxrwxrwx 1 harik admin 1240 Dec 13 14:51 mycreditcards
>drwxr-xr-t 47 harik admin 9216 Dec 13 14:50 ..
>
>Would you say that the file is world-readable? world-writable? No, because
>the permissions on the file are the SUM of the permissions of the file and
>the directory...
>
>So a hard link outside of this directory WOULD change the permissions...
>not on the inode, but it changes the ability to access the file.
>
>Granted, nobody would be stupid enough to make their credit card numbers
>world writable, but the example holds. Hard links can change the ability
>to access a file WITHOUT the owner's permission or knowledge.

How do you suggest the hard link to the file in your example is made?
Another user cannot make a hard link to the file "mycreditcards",
because they cannot get to that file through the ~/hidden directory;
it has all permissions off for group and others.

Of course, if you make the link yourself... But that defeats the purpose
of this thread.

>For a more applicable example:
>/usr/sbin/admin is a directory that only people in group admin can access.
>Inside are user modification tools, suid root, executable by group user-adm.
>Therefore, the permission to modify a user is dependent on being in both
>group admin and user-adm. Why two levels? Because on any hierarchy there
>are going to be groups of administration that overlap.
>
>Makes sense right? Except having any directory on the
>same partition as /usr/sbin/admin writable by group admin destroys the
>entire scheme. And that's not something that many people realise.

Wrong again. You say yourself that the directory /usr/sbin/admin is
only accessible to people in group admin. Suppose you're a non-admin
user. Please explain how you are going to make a link to any file in
the /usr/sbin/admin directory? Assume for this example that /usr/sbin/admin
is on the same file system as /usr/tmp.

Well?

>I'm not talking about hiding data. I'm saying that the lifespan of
>a file is something that only the owner should be able to modify.

No, that would mean that no one besides the owner could delete the
file, even if it is in a group-shared directory, for example. That's
not useful.

I think you mean "the lifespan of a file is something that only the
owner should be able to _lengthen_". This is a subtle difference,
of course.
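The two mechanics argued over above can be checked directly. The script below is an added example, not code from either poster: the first function shows that a hard link made in a shared directory keeps the inode alive after the owner unlinks the original name (the "lengthen the lifespan" point), and the second shows that link(2) is gated by search permission on the directory holding the name, not by the mode bits of the file itself, so a directory with all group/other bits off cannot be linked out of by another user. Directory and file names ("hidden", "shared", "mycreditcards") and the file content are constructed for the demonstration; the permission check is only meaningful when run as a non-root user, which the second function reports.

```python
import os
import tempfile

SAMPLE = "constructed sample content\n"  # constructed, not from the thread


def hard_link_keeps_file_alive():
    """A hard link in a world-writable directory outlives the owner's unlink."""
    with tempfile.TemporaryDirectory() as top:
        hidden = os.path.join(top, "hidden")    # stands in for ~/hidden
        shared = os.path.join(top, "shared")    # stands in for /usr/tmp
        os.mkdir(hidden)
        os.chmod(hidden, 0o700)
        os.mkdir(shared)
        os.chmod(shared, 0o1777)                # sticky, world-writable
        original = os.path.join(hidden, "mycreditcards")
        with open(original, "w") as f:
            f.write(SAMPLE)

        # The link is a second name for the same inode, not a copy.
        alias = os.path.join(shared, "kept")
        os.link(original, alias)
        same_inode = os.stat(original).st_ino == os.stat(alias).st_ino
        nlink_after_link = os.stat(original).st_nlink

        # The owner "deletes" the file by removing the only name they know of.
        os.unlink(original)
        with open(alias) as f:
            still_readable = f.read() == SAMPLE
        nlink_after_unlink = os.stat(alias).st_nlink

        return {
            "same_inode": same_inode,
            "nlink_after_link": nlink_after_link,
            "still_readable": still_readable,
            "nlink_after_unlink": nlink_after_unlink,
        }


def directory_permissions_gate_link():
    """link(2) needs search permission on the directory that holds the name;
    a mode-0666 file inside a mode-0000 directory cannot be linked to."""
    is_root = os.geteuid() == 0   # root bypasses the directory check
    with tempfile.TemporaryDirectory() as top:
        hidden = os.path.join(top, "hidden")
        os.mkdir(hidden)
        target = os.path.join(hidden, "mycreditcards")
        with open(target, "w") as f:
            f.write(SAMPLE)
        os.chmod(target, 0o666)      # file itself is wide open...
        os.chmod(hidden, 0o000)      # ...but the directory cannot be searched
        link_denied = False
        try:
            os.link(target, os.path.join(top, "elsewhere"))
        except PermissionError:      # EACCES from path resolution
            link_denied = True
        finally:
            os.chmod(hidden, 0o700)  # restore so the temp dir can be removed
        return {"is_root": is_root, "link_denied": link_denied}


if __name__ == "__main__":
    print(hard_link_keeps_file_alive())
    print(directory_permissions_gate_link())
```

The first result is the one that matters for a shared filesystem: as long as users can create names in some directory on the same filesystem, they can pin any inode they can reach, and quota or cleanup based on the owner's view of "their" files will miss it. Mounting world-writable directories such as /usr/tmp on their own filesystem removes that path entirely. On current Linux kernels the sysctl fs.protected_hardlinks=1 (present since 3.6, enabled by many distributions) additionally refuses a link to a file the caller does not own unless the caller could already read and write it, which is close to the restriction this thread is debating.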