LinuxQuestions.org


lixiaohui 10-18-2015 10:09 PM

How to make a folder that can be read and written but cannot itself be removed?
 
I need to open a folder for each customer as his or her home folder, to let him or her make new files and new child folders, and edit, rename and remove his or her files and folders, but forbid him or her from removing his or her home folder.

I know that if those home folders are made under root, like /homefolder, I can use the command "chmod 1777 /homefolder". But if the customer's home folder is made in an authorized folder, like /home/user/server/customNameFolder, that command does not work.

I have searched on Google and Baidu for this subject and for other words with the same meaning, but I have not found the answer. So I want to ask you: is there no way to reach my goal?

frieza 10-18-2015 10:14 PM

A simple solution I found here:
http://binblog.info/2011/01/30/make-...able-on-linux/
The short of it is: put a hidden file in their folder and make it immutable. Since you can't remove an immutable file and you can't remove a non-empty folder, you can't accidentally delete the folder.

rknichols 10-18-2015 10:19 PM

Removing a directory ("folder") requires write permission in the parent directory. If that parent directory is owned and writeable only by root, then the user would not be able to delete that custom home directory.

HMW 10-19-2015 01:36 AM

Quote:

Originally Posted by rknichols
If that parent directory is owned and writeable only by root, then the user would not be able to delete that custom home directory.

^That would work, but the OP specified:
Quote:

Originally Posted by lixiaohui (Post 5436634)
I need to open a folder for each customer as his or her home folder, to let him or her make new files and new child folders, and edit, rename and remove his or her files and folders, but forbid him or her from removing his or her home folder.

The chattr way was interesting!

Best regards,
HMW

rknichols 10-19-2015 07:01 AM

Quote:

Originally Posted by HMW (Post 5436692)
^That would work, but the OP specified:
Quote:

Originally Posted by lixiaohui
I need to open a folder for each customer as his or her home folder, to let him or her make new files and new child folders, and edit, rename and remove his or her files and folders, but forbid him or her from removing his or her home folder.

I don't see any conflict there. The user can own the directory, but not its parent. That's the same as the relationship between /home/someuser and /home. The user has full permission within /home/someuser, but cannot remove that directory because /home is writeable only by root.

HMW 10-19-2015 08:03 AM

Quote:

Originally Posted by rknichols (Post 5436780)
I don't see any conflict there. The user can own the directory, but not its parent. That's the same as the relationship between /home/someuser and /home. The user has full permission within /home/someuser, but cannot remove that directory because /home is writeable only by root.

Ah, yes, of course. My bad! I totally misread your post, my apologies!

lixiaohui 10-19-2015 10:27 AM

Thank you very much!!!
 
Quote:

Originally Posted by rknichols (Post 5436637)
Removing a directory ("folder") requires write permission in the parent directory. If that parent directory is owned and writeable only by root, then the user would not be able to delete that custom home directory.

I have tried it. I made a test folder in /home/user/ and changed its owner with the command: sudo chown root:root test. Then I made a child folder in test: sudo mkdir /home/user/test/testhome. At the end I changed the access permissions: sudo chmod 1777 /home/user/test/testhome.
After that, I tried to remove testhome. It is forbidden. Making new files/folders, renaming them, editing files, removing them: all the operations work great. Thank you. Thank you very much. Thanks to hmw and frieza too!

hortageno 10-27-2015 05:39 AM

Quote:

Originally Posted by lixiaohui (Post 5436889)
I have tried it. I made a test folder in /home/user/ and changed its owner with the command: sudo chown root:root test. Then I made a child folder in test: sudo mkdir /home/user/test/testhome. At the end I changed the access permissions: sudo chmod 1777 /home/user/test/testhome.
After that, I tried to remove testhome. It is forbidden. Making new files/folders, renaming them, editing files, removing them: all the operations work great. Thank you. Thank you very much. Thanks to hmw and frieza too!

Just be careful with the 777 permissions. It's not required in almost all cases.
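
The rule discussed in this thread (removing a directory is decided by the permissions of its parent, with the sticky bit narrowing who may do it) can be checked mechanically. The following is an added example, not code from any poster; the uids 2001 and 1000, the `fake` records and the function names are assumptions made for illustration, and the check looks at mode bits only (no ACLs, no `chattr +i`, no emptiness test).

```python
import os
import stat
from types import SimpleNamespace


def class_bits(st, uid, gids):
    """rwx triplet (0-7) of `st` that applies to uid/gids: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def may_remove(parent, entry, uid, gids=()):
    """Can uid rmdir/rename `entry` out of `parent`? Mode bits only:
    ignores ACLs, chattr +i, capabilities and whether the directory is empty."""
    if uid == 0:
        return True  # root is not restricted by mode bits
    if (class_bits(parent, uid, gids) & 0o3) != 0o3:
        return False  # needs write + search on the PARENT, not on the entry
    if parent.st_mode & stat.S_ISVTX:
        # sticky parent: only the entry's owner or the parent's owner may remove it
        return uid in (entry.st_uid, parent.st_uid)
    return True


def can_remove_dir(path, uid, gids=()):
    """Same check against a real path, using live stat data."""
    path = os.path.abspath(path)
    return may_remove(os.stat(os.path.dirname(path)), os.lstat(path), uid, gids)


def fake(mode, uid, gid):
    """Constructed stat record, so ownership can be modelled without root."""
    return SimpleNamespace(st_mode=stat.S_IFDIR | mode, st_uid=uid, st_gid=gid)


if __name__ == "__main__":
    CUSTOMER, OPERATOR = 2001, 1000          # hypothetical uids
    home = fake(0o1777, 0, 0)                # like the thread's testhome: root-owned, 1777
    layouts = {
        "parent root:root 0755": fake(0o755, 0, 0),
        "parent operator 0755": fake(0o755, OPERATOR, OPERATOR),
        "parent root:root 0777": fake(0o777, 0, 0),
        "parent root:root 1777": fake(0o1777, 0, 0),
    }
    for name, parent in layouts.items():
        print(name, may_remove(parent, home, CUSTOMER), may_remove(parent, home, OPERATOR))
```

`can_remove_dir("/home/user/test/testhome", uid)` applies the same check to an existing directory tree for any uid of interest.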


All times are GMT -5.