[zahlman]

I get that the "o" in "--ro" is supposed to stand for "only", but this feels clunky to me (especially if there's also a "--rox", which is self-contradictory). I like my long options to be, well, long (complete English words), and backed up by short options. In this case, I'd propose having "-r, --read, -w, --write, -x, --exec", and allowing the short options to be combined as flags (i.e. -rwx).

[Zoup]

ROX isn't self-contradictory, Allowing read() and execve(), but denying write() and truncate() are totally valid and common in secure execution contexts, although things gets worse with directory traverse.

So yeah, --rox is fine semantically, just ugly. :D

[teo_zero]

I think the parent poster was not arguing that allowing this combination of accesses is invalid, just that it can't be called read-ONLY if it's not ONLY read.

"Any color the customer wants, as long as it's black"

[zahlman]

I mean that it is not "read-only" if it is also executable.