LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-05-2014, 05:05 AM   #1
pls_help_URGENT
Member
 
Registered: Aug 2012
Posts: 42

Rep: Reputation: Disabled
How to set the permissions on a directory to disallow deletion and allow creation?


Ubuntu 12.04 LTS

In order to prevent accidental deletions, I wish to set root
permissions on a directory such that the normal user can
only read and add the files but NOT delete the anything.

I can see that permission options are read, write, and
execute only.

What is the way to achieve the said target?

Last edited by pls_help_URGENT; 05-05-2014 at 05:06 AM.
 
Old 05-05-2014, 05:24 AM   #2
kirukan
Senior Member
 
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Posts: 1,274

Rep: Reputation: 148Reputation: 148
sticky bit
Quote:
chmod +t dir
 
2 members found this post helpful.
Old 05-05-2014, 07:21 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
NOTE: the sticky bit (the "t") does not prevent deletion. It does prevent deletion by anyone but the owner of the file.

What you ask for (generally) cannot be done. If you can write to a directory (required to record the file name), then you can also delete a file (remove the file name).

Now there are some slightly awkward ways to prevent the file from being deallocated...

A file is only deleted when the last reference to the file is removed (this is the hard link).

1)It is entirely possible to setup two directories on the same filesystem - one users can write to, creating files and removing files... and a second that the user cannot. If the file in question has entries in BOTH directories, then the file will not be deleted when the reference in the writable directory is removed. Thus it can be restored by setting the link again (man "ln" for hard links). In this case, the unwritable directory must be given links for the files created in the writable directory (a single ln command can do that; the advantage is that no data is copied)

2)Similarly to 1 above, this can also be done using soft links, but that is weaker (in that the directory that has the hard link MUST be the one the user cannot create/delete files in). In this case the new files in the writable directory must be moved to the unwritable directory, and a symbolic link created to substitute for the original file (this takes two commands, one to copy/move the file, one to create the symbolic link; note, the copy/move can take a while depending on the size of the file).

Note, in all cases the owner, or users with group write, may damage the file (overwrite) and thus effectively delete the file by truncating it to zero length.
 
2 members found this post helpful.
Old 05-05-2014, 10:56 AM   #4
johny21
LQ Newbie
 
Registered: May 2014
Posts: 4

Rep: Reputation: Disabled
I use redhat , so I'm not sure if this is going to work in ubuntu.
chattr +i /home/name/file .
this command forbids every user ,even root ,from deleting a file.
I think it could be useful
 
2 members found this post helpful.
Old 05-05-2014, 11:13 AM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,131
Blog Entries: 2

Rep: Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833
If you want to have a more fine grained control (than what classical UNIX file permissions offer) on which user can do what with a file you will need to set up Access Control Lists (ACL).
Information for Ubuntu can be found here: https://help.ubuntu.com/community/UbuntuLTSP/ACLSupport
 
2 members found this post helpful.
Old 05-05-2014, 03:03 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
Quote:
Originally Posted by johny21 View Post
I use redhat , so I'm not sure if this is going to work in ubuntu.
chattr +i /home/name/file .
this command forbids every user ,even root ,from deleting a file.
I think it could be useful
Could be, but then root has to set the flag for each file created.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Default creation time user home directory permissions. prabhatsoni Linux - Software 3 01-08-2011 11:32 AM
Set default file/directory permissions replica88 Linux - Newbie 2 04-04-2010 11:12 AM
logging file creation and deletion? c_mitulescu Linux - Server 1 05-09-2007 12:14 AM
directory permissions incorrectly set DutchBoy Linux - Security 3 01-05-2004 10:40 AM
How to set correct file/directory permissions pat.delaney Linux - Networking 5 12-02-2003 10:39 AM


All times are GMT -5. The time now is 12:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration