-   Linux - Security (
-   -   filesystem permissions question - making so user can't change permissions? (

c0pe 07-09-2010 08:35 AM

filesystem permissions question - making so user can't change permissions?

I need to allow users to read, create and modify files and subdirectories but I don't want them to be able to modify the owner or permissions, can this be done with filesystem permissions? Using CentOS 5.5.

dcellis1950 07-09-2010 10:56 AM

I don't think there is a way to do this with the standard Unix permissions. If you can write to a file, you can change permissions.

However, if you have time on your hands and can learn to use SELinux, there should be a way to do it there.

anomie 07-09-2010 02:21 PM

You can get close to the desired effect with shared group membership, and then group ownership (with the sgid bit on directories) for the files.

The problem is: when a user creates a new file s/he will be the owner.

Selinux is one idea for solving that problem. Another is removing read/execute permissions from /bin/chmod and /bin/chown for everyone but root. (That may have some other unintended consequences, though.)

c0pe 07-12-2010 07:51 AM

ok, thanks for the info, it's appreciated.

c0pe 07-12-2010 09:06 AM

marking thread as solved, since my real question was can this be done with the standard file permissions, and I got the answer, it can not. But thanks for the possible alternatives, I appreciate it.

All times are GMT -5. The time now is 11:52 PM.