LinuxQuestions.org
08-24-2015, 12:04 PM   #1   NightRook (LQ Newbie)
 
User Unable to delete files with ACL user:rwx on directory with sticky bit


I was wondering if it is possible to have two owners of a directory (the boss and the manager). This is the hierarchy I am trying to accomplish:

Code:
                    harry    (boss needs full control of directory)
                     |
       +-------------+----------------+
       |             |                |
      frank         mary           isaac   (Managers need full control of directory)
       |             |                | 
     sales        accounting         hr    (group folders)
       |
    ---+----                               
    |      |
   jazmin joe                               (Group members need rwx access but no delete unless user owns file)

I have the following setup inside the folder "company". Everything works great, except that the boss can't delete files he does not want. The manager or the owner of the file has to do it. I tried using ACLs, but the sticky bit seems to prevent the deletion by the boss (harry).

Code:
[root@server company]# getfacl sales
# file: sales
# owner: isaac
# group: sales
# flags: -st
user::rwx
user:harry:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:harry:rwx
default:group::rwx
default:mask::rwx
default:other::--- 

[root@server company]# ls -l
total 24
drwxrws--T+ 2 frank accounting 4096 Aug 22 16:55 accounting
drwxrws--T+ 2 mary  hr         4096 Aug 22 16:44 hr
drwxrws--T+ 2 isaac sales      4096 Aug 22 16:45 sales

[root@server company]# ls -l sales
total 100
-rw-rwxr--+ 1 harry  sales  0 Aug 22 09:42 boss-f2
-rw-rwxr--+ 1 harry  sales  0 Aug 22 09:42 boss-f3
-rw-rwxr--+ 1 harry  sales  0 Aug 22 09:42 boss-f4
-rw-rwxr--+ 1 harry  sales  0 Aug 22 09:42 boss-f5
-rw-rwxr--+ 1 harry  sales  0 Aug 22 09:42 boss-f6
-rw-rw----+ 1 harry  sales  0 Aug 22 16:45 boss-new-1
-rw-rwxr--+ 1 isaac  sales 18 Aug 22 10:56 isaac-f1
-rw-rwxr--+ 1 isaac  sales  0 Aug 22 10:54 isaac-f2
-rw-rwxr--+ 1 isaac  sales  0 Aug 22 10:54 isaac-f3
-rw-rwxr--+ 1 isaac  sales  0 Aug 22 10:54 isaac-f4
-rw-rwxr--+ 1 isaac  sales  0 Aug 22 10:54 isaac-f5
-rw-rwxr--+ 1 isaac  sales  0 Aug 22 10:54 isaac-f6
-rw-rwxr--+ 1 jazmin sales  0 Aug 22 10:55 jazmin-f2
-rw-rwxr--+ 1 jazmin sales  0 Aug 22 10:55 jazmin-f3
-rw-rwxr--+ 1 jazmin sales  0 Aug 22 10:55 jazmin-f4
-rw-rwxr--+ 1 jazmin sales  0 Aug 22 10:55 jazmin-f5
-rw-rwxr--+ 1 jazmin sales  0 Aug 22 10:55 jazmin-f6
-rw-rwxr--+ 1 joe    sales 18 Aug 22 10:56 joe-f1
-rw-rwxr--+ 1 joe    sales  0 Aug 22 10:52 joe-f2
-rw-rwxr--+ 1 joe    sales  0 Aug 22 10:52 joe-f3
-rw-rwxr--+ 1 joe    sales  0 Aug 22 10:52 joe-f4
-rw-rwxr--+ 1 joe    sales  0 Aug 22 10:52 joe-f5
-rw-rwxr--+ 1 joe    sales  0 Aug 22 10:52 joe-f6

Last edited by NightRook; 08-24-2015 at 02:07 PM.
 
08-25-2015, 06:30 AM   #2   GazL (LQ Veteran)
 
Can't be done. Without the sticky bit, anyone who can create a file in a directory will be able to delete a file in that directory, and with the sticky bit Harry and the managers won't be able to delete files they don't own.

You're going to have to either trust Joe and Jazmin, or give them each their own private subdirectory to create their files in, and optionally come up with some sort of check-in/check-out mechanism if you want to be able to promote their files into any of the shared locations (such as sales/). Either way, you're going to have to stop using the sticky bit if you want Harry to have full control.

Last edited by GazL; 08-25-2015 at 06:38 AM.
 
08-25-2015, 08:52 AM   #3   NightRook (LQ Newbie)
 
Thanks for the info. I was under the impression that the ACL rule would allow harry to delete files in those directories, but I tried it and it did not work. Harry just can't delete anything, but the managers work fine. They can remove any file at will because they are the owners of the directories, even with the sticky bit on. Since the ACL rule did not work, I was thinking of perhaps writing a two-line script, setting the SUID bit on it and giving harry permission to run it, so that he can become the manager when deleting files. What do you think?

Last edited by NightRook; 08-25-2015 at 08:54 AM.
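What NightRook observes here follows directly from how the kernel evaluates unlink() in a directory with the sticky bit set: the ACL decides only whether a process may write to the directory, and the sticky bit then compares uids, so a named-user entry such as user:harry:rwx changes nothing for files harry does not own. The following model is an added example, not code from the thread; the uids, gids and group memberships are invented to match the sales/ listing posted above.

```python
"""Model of the check Linux applies to unlink()/rename() in a sticky directory.

Added example, not code from the thread. It encodes the coreutils rule (in a +t
directory only the file owner, the directory owner, or a privileged process may
remove a file) together with the POSIX ACL algorithm for the directory's own
write+search permission. All uids, gids and group memberships below are
constructed sample values, not taken from the original system.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional

S_ISVTX = 0o1000  # the sticky / restricted-deletion bit in st_mode


@dataclass(frozen=True)
class Principal:
    name: str
    uid: int
    groups: FrozenSet[int] = frozenset()
    privileged: bool = False  # root: CAP_DAC_OVERRIDE bypasses the ACL, CAP_FOWNER the sticky test


@dataclass
class Acl:
    """POSIX ACL of a directory: the class entries plus named-user entries."""
    owner: str                 # user::
    group: str                 # group::
    other: str                 # other::
    mask: str = "rwx"          # mask:: caps named users and the owning group
    named_users: Dict[int, str] = field(default_factory=dict)  # uid -> perms


@dataclass
class Inode:
    uid: int
    gid: int
    mode: int                  # only S_ISVTX is consulted here
    acl: Optional[Acl] = None  # directories carry an ACL in this model


def _grants(perms: str, wanted: str) -> bool:
    return all(bit in perms for bit in wanted)


def acl_permits(dir_: Inode, who: Principal, wanted: str) -> bool:
    """Access check from acl(5): owner, then named user, then owning group,
    then other. Named-user and group entries are limited by the mask."""
    acl = dir_.acl
    if who.uid == dir_.uid:
        return _grants(acl.owner, wanted)
    if who.uid in acl.named_users:
        return _grants(acl.named_users[who.uid], wanted) and _grants(acl.mask, wanted)
    if dir_.gid in who.groups:
        return _grants(acl.group, wanted) and _grants(acl.mask, wanted)
    return _grants(acl.other, wanted)


def may_unlink(dir_: Inode, target: Inode, who: Principal) -> bool:
    """fs/namei.c may_delete() in miniature: write+search on the directory,
    then check_sticky(). The target's own mode and ACL play no part."""
    if who.privileged:
        return True
    if not acl_permits(dir_, who, "wx"):
        return False
    if not dir_.mode & S_ISVTX:
        return True  # no sticky bit: anyone who can write the directory may delete
    return who.uid in (target.uid, dir_.uid)


# Constructed sample matching the thread's sales/ listing (uids/gids invented).
SALES_GID = 2001
USERS = {
    "root":   Principal("root", 0, privileged=True),
    "harry":  Principal("harry", 1001),                          # boss, not in group sales
    "frank":  Principal("frank", 1002, frozenset({2002})),       # accounting manager
    "isaac":  Principal("isaac", 1003, frozenset({SALES_GID})),  # owns sales/
    "jazmin": Principal("jazmin", 1004, frozenset({SALES_GID})),
    "joe":    Principal("joe", 1005, frozenset({SALES_GID})),
}
SALES_ACL = Acl(owner="rwx", group="rwx", other="---", mask="rwx",
                named_users={USERS["harry"].uid: "rwx"})  # user:harry:rwx
SALES = Inode(uid=USERS["isaac"].uid, gid=SALES_GID, mode=0o2770 | S_ISVTX, acl=SALES_ACL)
SALES_NO_STICKY = Inode(uid=SALES.uid, gid=SALES.gid, mode=0o2770, acl=SALES_ACL)
FILES = {  # -rw-rwxr-- as in the listing
    "boss-f2":   Inode(USERS["harry"].uid, SALES_GID, 0o674),
    "jazmin-f2": Inode(USERS["jazmin"].uid, SALES_GID, 0o674),
    "joe-f2":    Inode(USERS["joe"].uid, SALES_GID, 0o674),
}


def who_can_delete(dir_: Inode, filename: str):
    """Names of the sample users allowed to unlink FILES[filename] from dir_."""
    return sorted(u.name for u in USERS.values() if may_unlink(dir_, FILES[filename], u))
```

Running `who_can_delete(SALES, "joe-f2")` gives isaac, joe and root: harry passes the ACL step (his named entry grants wx and the mask allows it) and is then stopped by the uid comparison, exactly as reported. Dropping the sticky bit (`SALES_NO_STICKY`) admits harry, but also jazmin, which is the trade-off GazL describes.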
 
08-25-2015, 09:06 AM   #4   GazL (LQ Veteran)
 
Ahh, yes, you're quite right.
Quote:
The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type. For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory
... I'd forgotten about that 'or the directory' part.

In Linux you can't setuid a script file, but you could do something with sudo to allow the boss-man to take ownership of any files.

Last edited by GazL; 08-25-2015 at 09:07 AM.
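The sudo route GazL suggests is the usual answer, but the details matter: a rule that lets harry run chown or rm as root with arguments of his choosing is a general root escalation (`sudo chown harry /etc/shadow`). The safer pattern is one narrowly scoped tool that does all its own validation, and a sudoers line that names only that tool. The following is an added example, not code from the thread; the /company location, the install path /usr/local/sbin/company-rm and the sudoers line are assumptions, and the sample tree built by `build_sample_tree()` is constructed for a dry run.

```python
#!/usr/bin/env python3
"""company-rm: delete a file inside the shared tree on behalf of the boss.

Added example, not code from the thread. Instead of a setuid script (which the
Linux kernel ignores) the boss runs this tool through sudo. sudo only decides
WHICH program harry may run, not what arguments he passes, so every check is
in here. Assumed deployment (not in the original post):

    install -o root -g root -m 0755 company-rm /usr/local/sbin/company-rm
    # /etc/sudoers.d/company-rm
    harry ALL=(root) NOPASSWD: /usr/local/sbin/company-rm

Never grant /bin/chown or /bin/rm directly: either one is root on any path.
"""
import os
import stat
import sys

COMPANY_ROOT = "/company"  # assumed location of the shared tree


def check_target(path: str, root: str = COMPANY_ROOT):
    """Return (ok, reason). ok only for a regular file strictly below one of
    the group directories under root, after resolving every symlink and '..'."""
    root = os.path.realpath(root)
    real = os.path.realpath(path)
    parts = os.path.relpath(real, root).split(os.sep)
    if parts[0] in (os.curdir, os.pardir):
        return False, f"{path!r} resolves outside {root}"
    if len(parts) == 1:
        return False, f"{path!r} is a group directory, not a file inside one"
    try:
        st = os.lstat(real)
    except FileNotFoundError:
        return False, f"{path!r} does not exist"
    if not stat.S_ISREG(st.st_mode):
        return False, f"{path!r} is not a regular file"
    return True, "ok"


def remove_file(path: str, root: str = COMPANY_ROOT) -> bool:
    """Validate, then unlink relative to an fd of the validated parent so a
    directory swapped in after the check cannot redirect the delete."""
    ok, reason = check_target(path, root)
    if not ok:
        print(f"company-rm: refusing: {reason}", file=sys.stderr)
        return False
    parent, name = os.path.split(os.path.realpath(path))
    dfd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        if not stat.S_ISREG(os.lstat(name, dir_fd=dfd).st_mode):
            print(f"company-rm: refusing: {path!r} changed type", file=sys.stderr)
            return False
        os.unlink(name, dir_fd=dfd)
    finally:
        os.close(dfd)
    return True


def build_sample_tree():
    """Constructed sample data: a throwaway /company lookalike with one group
    directory, a file in it, a symlink escaping the tree, and a '..' path."""
    import tempfile
    root = tempfile.mkdtemp(prefix="company-")
    outside = tempfile.mkdtemp(prefix="outside-")
    os.mkdir(os.path.join(root, "sales"))
    victim = os.path.join(root, "sales", "joe-f2")
    secret = os.path.join(outside, "shadow")
    for p in (victim, secret):
        open(p, "w").close()
    escape = os.path.join(root, "sales", "escape")
    os.symlink(secret, escape)
    traversal = os.path.join(root, "sales", "..", "..", os.path.basename(outside), "shadow")
    return {"root": root, "group_dir": os.path.join(root, "sales"), "victim": victim,
            "secret": secret, "escape": escape, "traversal": traversal}


def main(argv):
    if len(argv) < 2:
        print("usage: company-rm FILE...", file=sys.stderr)
        return 2
    failures = sum(0 if remove_file(p) else 1 for p in argv[1:])
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the tool runs as root, the managers keep ownership of their directories and the sticky bit stays in place for joe and jazmin; only harry's deletions are routed around it, and only for regular files below /company. The tool must be root-owned and not writable by harry, or the argument validation is moot.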
 
  

