How to set the permissions on a directory to disallow deletion and allow creation?
NOTE: the sticky bit (the "t") does not prevent deletion. It does prevent deletion by anyone but the owner of the file.
What you ask for (generally) cannot be done. If you can write to a directory (required to record the file name), then you can also delete a file (remove the file name).
Now there are some slightly awkward ways to prevent the file from being deallocated...
A file is only deleted when the last reference to the file is removed (this is the hard link).
1) It is entirely possible to set up two directories on the same filesystem - one users can write to, creating files and removing files... and a second that the user cannot. If the file in question has entries in BOTH directories, then the file will not be deleted when the reference in the writable directory is removed. Thus it can be restored by setting the link again (man "ln" for hard links). In this case, the unwritable directory must be given links for the files created in the writable directory (a single ln command can do that; the advantage is that no data is copied).
2) Similarly to 1 above, this can also be done using soft links, but that is weaker (in that the directory that has the hard link MUST be the one the user cannot create/delete files in). In this case the new files in the writable directory must be moved to the unwritable directory, and a symbolic link created to substitute for the original file (this takes two commands, one to copy/move the file, one to create the symbolic link; note, the copy/move can take a while depending on the size of the file).
Note, in all cases the owner, or users with group write, may damage the file (overwrite) and thus effectively delete the file by truncating it to zero length.
If you want to have more fine-grained control (than what classical UNIX file permissions offer) over which user can do what with a file, you will need to set up Access Control Lists (ACL).
Information for Ubuntu can be found here: https://help.ubuntu.com/community/UbuntuLTSP/ACLSupport
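The hard-link approach from option 1 in the thread above, as an added example that is not part of any original post: it shows the data surviving removal from the writable directory, the name being restored with `ln`, and the truncation caveat. The directory names `inbox` and `keep`, the file name and the helper functions are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (constructed paths; not from the original thread).
# inbox/ stands for the user-writable directory, keep/ for the directory
# users cannot write to (in practice owned by another account, e.g. root).

link_count() {  # number of hard links (directory entries) for file $1
    ls -l "$1" | awk '{print $2}'
}

# Give every regular file in $1 a second name in $2 (no data is copied).
# Both directories must be on the same filesystem or ln will fail.
preserve() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ -e "$2/$name" ] || ln "$f" "$2/$name"
    done
}

demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/inbox" "$base/keep"
    chmod 1777 "$base/inbox"   # anyone may create; sticky bit limits deletion to owners
    chmod 755 "$base/keep"     # only the directory owner may add or remove names

    echo "report data" > "$base/inbox/report.txt"
    preserve "$base/inbox" "$base/keep"
    links_before=$(link_count "$base/keep/report.txt")     # 2 names, one inode

    rm "$base/inbox/report.txt"                            # user "deletes" the file
    after_rm=$(cat "$base/keep/report.txt")                # data is still allocated
    ln "$base/keep/report.txt" "$base/inbox/report.txt"    # restore the name

    : > "$base/inbox/report.txt"                           # truncation hits the shared inode
    size_after_trunc=$(wc -c < "$base/keep/report.txt" | tr -d ' ')

    rm -rf "$base"
    echo "$links_before|$after_rm|$size_after_trunc"
}

demo
```

The final field is 0 because both names point at the same inode, so the second link protects against unlinking but not against overwriting.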