Quote:
Originally Posted by yalag
I need to be able to prevent myself from deleting a parent folder but still be able to write/delete/move files within it. So it seems like none of the solutions work. Best workaround is to just create a dummy file in the folder that I don't have permission to delete?
Well, if you need to delete/move the files themselves in that directory, then yes, none of the solutions will work.
How do you intend to create the dummy file? If you simply want to give it read permission, a 'rm -f' will still delete that file. Hence, 'rm -f dir/' will remove the directory. If you want to prevent the directory being deleted by 'rmdir', then it is sufficient that it is not empty.
I think I can offer two solutions that might be better:
1) Protective parent directory
Create your data directory inside a parent directory. The parent directory will act as a "shield" against deletion of the data directory, but the files inside the data directory will still be re/movable.
So instead of the directory structure
Code:
datadir
|----file1
|----file2
...
Your directory tree will look like:
Code:
protection_dir
|----data_dir
     |----file1
     |----file2
     ...
The protection_dir will have the immutable flag 'i' set. This way protection_dir will not be deletable, and neither will data_dir.
data_dir itself will NOT have the immutable flag enabled. Therefore the files inside data_dir will be re/movable.
Here are the required commands:
Code:
mkdir -p protection_dir/data_dir
sudo chattr +i protection_dir # Do NOT use the recursive option here!
2) Loop device
This will require that you know in advance how big the directory can actually get in order to avoid space issues. So it might not be suitable for some scenarios.
Create a loop device and set the 'a' attribute for this loop device. When you mount it you will be able to create and delete the files inside, but the loop device itself will not be deletable.
Procedure, e.g. 1G loop device:
Code:
dd if=/dev/zero of=loopdrive bs=1M count=1024
sudo losetup /dev/loop0 loopdrive
sudo mke2fs -vj /dev/loop0
sudo chattr +a loopdrive
Now create the mount directory for loopdrive and set the 'i' flag on the mount directory. This way you can also ensure that the mount directory will not be removed accidentally.
Code:
mkdir data_dir
sudo chattr +i data_dir
Finally, mount it:
Code:
sudo mount -o loop /dev/loop0 data_dir
A funny thing to notice is that you will get an error (at least I do) when you try to mount it like 'mount -o loop loopdrive data_dir'.
However, if the file loopdrive does have the 'i' flag set instead of the 'a' flag then the latter mount method does work. Strange.
There is one major drawback with the loopdrive solution. Every time you want to set up the loop device with
losetup /dev/loop0 loopdrive
you will have to remove the 'a' flag first and add it again afterward.
PS:
I used loop0 in my example. You might have to use loop1 or higher if loop0 is already taken. Issue 'losetup -f' to display the next free loop device.
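
A check for the layout in solution 1, as an added example that is not part of the original post: it reads the flag column of `lsattr -d` output and confirms that the parent carries 'i' while data_dir does not (which is what a recursive chattr would break). The function names and the sample lsattr lines are constructed for illustration.

```shell
#!/bin/sh
# Audit the "protective parent directory" layout (solution 1 above).
# has_flag, check_layout and audit are hypothetical helper names for this example.

# has_flag LSATTR_LINE FLAG
# True if the flag column (first field of `lsattr -d` output) contains FLAG.
# Only the first field is inspected, so letters in the path never match.
has_flag() {
    flags=${1%% *}
    case $flags in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_layout PARENT_LINE DATA_LINE
# Returns 0 only if the parent is immutable and the data directory is not.
check_layout() {
    if ! has_flag "$1" i; then
        echo "FAIL: parent is not immutable; data_dir can be removed or renamed"
        return 1
    fi
    if has_flag "$2" i; then
        echo "FAIL: data_dir is immutable (recursive chattr?); its files cannot change"
        return 2
    fi
    echo "OK: parent immutable, data_dir writable"
}

# audit PARENT DATA
# Same check against real directories on a filesystem that supports lsattr.
audit() {
    p=$(lsattr -d -- "$1") || return 3
    d=$(lsattr -d -- "$2") || return 3
    check_layout "$p" "$d"
}

# Constructed sample lines in the format `lsattr -d` prints on ext4.
SAMPLE_PARENT='----i---------e------- protection_dir'
SAMPLE_DATA='--------------e------- protection_dir/data_dir'
check_layout "$SAMPLE_PARENT" "$SAMPLE_DATA"
```

On a real system, call `audit protection_dir protection_dir/data_dir` after running the chattr command from solution 1.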