LinuxQuestions.org
Old 05-05-2014, 04:05 AM   #1
pls_help_URGENT
How to set the permissions on a directory to disallow deletion and allow creation?


Ubuntu 12.04 LTS

In order to prevent accidental deletions, I wish to set root
permissions on a directory such that the normal user can
only read and add files but NOT delete anything.

I can see that permission options are read, write, and
execute only.

What is the way to achieve the said target?

Last edited by pls_help_URGENT; 05-05-2014 at 04:06 AM.
 
Old 05-05-2014, 04:24 AM   #2
kirukan
sticky bit
Quote:
chmod +t dir
 
2 members found this post helpful.
Old 05-05-2014, 06:21 AM   #3
jpollard
NOTE: the sticky bit (the "t") does not prevent deletion. It does prevent deletion by anyone but the owner of the file.

What you ask for (generally) cannot be done. If you can write to a directory (required to record the file name), then you can also delete a file (remove the file name).

Now there are some slightly awkward ways to prevent the file from being deallocated...

A file is only deleted when the last reference to the file is removed (this is the hard link).

1) It is entirely possible to set up two directories on the same filesystem - one users can write to, creating files and removing files... and a second that the user cannot. If the file in question has entries in BOTH directories, then the file will not be deleted when the reference in the writable directory is removed. Thus it can be restored by setting the link again (man "ln" for hard links). In this case, the unwritable directory must be given links for the files created in the writable directory (a single ln command can do that; the advantage is that no data is copied).

2) Similarly to 1 above, this can also be done using soft links, but that is weaker (in that the directory that has the hard link MUST be the one the user cannot create/delete files in). In this case the new files in the writable directory must be moved to the unwritable directory, and a symbolic link created to substitute for the original file (this takes two commands, one to copy/move the file, one to create the symbolic link; note, the copy/move can take a while depending on the size of the file).

Note, in all cases the owner, or users with group write, may damage the file (overwrite) and thus effectively delete the file by truncating it to zero length.
 
2 members found this post helpful.
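The hard-link approach from option 1 in the post above, as an added example that is not part of the original post. The function names and the temporary `inbox`/`vault` directories are constructed for illustration; in real use the vault is owned by root, is not writable by the user, and the linking runs as the vault's owner.

```shell
#!/bin/sh
# Added demo: keep a second hard link in a directory the user cannot
# write to, so removing the name in the writable directory frees nothing.
# All paths and names below are constructed for illustration.

# link_into SRC DST: hard-link every regular file in SRC into DST when DST
# has no entry of that name. Both directories must be on one filesystem.
link_into() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        [ -L "$f" ] && continue          # never link through a symlink
        [ -e "$2/${f##*/}" ] || ln "$f" "$2/${f##*/}"   # no data is copied
    done
}

# Number of directory entries (hard links) pointing at the file's inode.
link_count() { ls -ln "$1" | awk '{print $2}'; }

demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/inbox" "$base/vault"
    echo "report data" > "$base/inbox/report.txt"

    link_into "$base/inbox" "$base/vault"        # preserve: second name
    before=$(link_count "$base/vault/report.txt")

    rm "$base/inbox/report.txt"                  # the accidental deletion
    after=$(link_count "$base/vault/report.txt")

    link_into "$base/vault" "$base/inbox"        # restore: same inode again
    restored=$(cat "$base/inbox/report.txt")

    # Caveat from the post: truncating through either name empties both.
    : > "$base/inbox/report.txt"
    if [ -s "$base/vault/report.txt" ]; then truncated=no; else truncated=yes; fi

    rm -rf "$base"
    echo "before=$before after_rm=$after restored='$restored' truncated=$truncated"
}

demo
```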
Old 05-05-2014, 09:56 AM   #4
johny21
I use Redhat, so I'm not sure if this is going to work in Ubuntu.
chattr +i /home/name/file
This command forbids every user, even root, from deleting a file.
I think it could be useful.
 
2 members found this post helpful.
Old 05-05-2014, 10:13 AM   #5
TobiSGD
If you want to have a more fine grained control (than what classical UNIX file permissions offer) on which user can do what with a file you will need to set up Access Control Lists (ACL).
Information for Ubuntu can be found here: https://help.ubuntu.com/community/UbuntuLTSP/ACLSupport
 
2 members found this post helpful.
Old 05-05-2014, 02:03 PM   #6
jpollard
Quote:
Originally Posted by johny21
I use Redhat, so I'm not sure if this is going to work in Ubuntu.
chattr +i /home/name/file
This command forbids every user, even root, from deleting a file.
I think it could be useful.

Could be, but then root has to set the flag for each file created.
 
1 members found this post helpful.
  

