How to set the permissions on a directory to disallow deletion and allow creation?
Ubuntu 12.04 LTS
In order to prevent accidental deletions, I wish to set root
permissions on a directory such that the normal user can
only read and add files but NOT delete anything.
I can see that permission options are read, write, and
execute only.
What is the way to achieve the said target?
Last edited by pls_help_URGENT; 05-05-2014 at 04:06 AM.
NOTE: the sticky bit (the "t") does not prevent deletion. It does prevent deletion by anyone but the owner of the file.
What you ask for (generally) cannot be done. If you can write to a directory (required to record the file name), then you can also delete a file (remove the file name).
Now there are some slightly awkward ways to prevent the file from being deallocated...
A file is only deleted when the last reference to the file is removed (this is the hard link).
1) It is entirely possible to set up two directories on the same filesystem - one users can write to, creating files and removing files... and a second that the user cannot. If the file in question has entries in BOTH directories, then the file will not be deleted when the reference in the writable directory is removed. Thus it can be restored by setting the link again (man "ln" for hard links). In this case, the unwritable directory must be given links for the files created in the writable directory (a single ln command can do that; the advantage is that no data is copied).
2) Similarly to 1 above, this can also be done using soft links, but that is weaker (in that the directory that has the hard link MUST be the one the user cannot create/delete files in). In this case the new files in the writable directory must be moved to the unwritable directory, and a symbolic link created to substitute for the original file (this takes two commands, one to copy/move the file, one to create the symbolic link; note, the copy/move can take a while depending on the size of the file).
Note, in all cases the owner, or users with group write, may damage the file (overwrite) and thus effectively delete the file by truncating it to zero length.
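The hard-link approach from option 1 above, as an added example that is not part of any poster's reply. The function names and the directories passed to them are assumptions; it is meant to be run by whoever owns the non-writable directory, and both directories must be on the same filesystem.

```shell
#!/bin/sh
# Added example (not from the thread): keep a second hard link to every file
# in a user-writable directory, so removing the name there does not free the data.
# Caveat from the post still applies: both names share one inode, so truncating
# or overwriting the file through the writable name changes the kept copy too.

# shadow_links WRITABLE PROTECTED
# Give every regular file in WRITABLE a hard link in PROTECTED (no data is copied).
shadow_links() {
    src=$1; dst=$2
    for f in "$src"/* "$src"/.[!.]*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # regular files only, skip symlinks
        name=${f##*/}
        [ -e "$dst/$name" ] || ln -- "$f" "$dst/$name"
    done
}

# restore_missing WRITABLE PROTECTED
# Re-create names that were removed from WRITABLE; prints each restored name.
restore_missing() {
    src=$1; dst=$2
    for f in "$dst"/* "$dst"/.[!.]*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -e "$src/$name" ]; then
            ln -- "$f" "$src/$name" && printf '%s\n' "$name"
        fi
    done
}

# link_count FILE
# Number of directory entries that point at FILE's inode (second field of ls -l).
link_count() {
    ls -ld -- "$1" | awk '{print $2}'
}
```

Running `shadow_links` periodically (for example from cron) covers newly created files; anything created and removed between two runs is not protected.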
I use Red Hat, so I'm not sure if this is going to work in Ubuntu.
chattr +i /home/name/file
This command forbids every user, even root, from deleting a file.
I think it could be useful.
If you want to have more fine-grained control (than what classical UNIX file permissions offer) over which user can do what with a file, you will need to set up Access Control Lists (ACL).
Information for Ubuntu can be found here: https://help.ubuntu.com/community/UbuntuLTSP/ACLSupport
I use Red Hat, so I'm not sure if this is going to work in Ubuntu.
chattr +i /home/name/file
This command forbids every user, even root, from deleting a file.
I think it could be useful.
Could be, but then root has to set the flag for each file created.