LinuxQuestions.org
Old 09-15-2010, 05:47 AM   #1
shridhar005
Member
 
Registered: Jul 2008
Posts: 90

Rep: Reputation: 17
File permissions and ownership getting screwed up


Hi there,
Here is an interesting problem scenario. Before mentioning it, I first searched the internet for a solution, but somehow I was not able to locate or find it.
Scenario:
OS: CentOS
There is a directory named "data" with these permissions:
Code:
[yat@testew data]$ ll
total 16
drwxrwsr-t 6 yat FH  4096 Sep 15 00:55 ables
drwxr-x--t 3 yat FH  4096 Sep 14 07:03 Mng
drwxrwxr-t 7 yat FH  4096 Sep 15 00:55 Files
drwxrwxr-t 8 yat FHW 4096 Sep 15 00:55 Working
Now, whenever a user from the group FH accesses any one of these directories and creates a file, that file bears the ownership and group ownership of that user.

Expected Help: Is it possible to let users create directories or files, but so that only user "yat" can delete them?

Suppose the other users are geller, ross and joe from group FH, who have privileges. Whenever these users create a file or dir, they should not be able to delete it.

Bottom line: Group users should be able to create files but should not be able to delete them.

By the way, using the sgid bit didn't help.
Any help or suggestion is appreciated; if you notice any error or mistake, please notify and forgive.
 
Old 09-15-2010, 07:10 AM   #2
Zarniwoop79
Member
 
Registered: Jul 2009
Location: Göteborg, Sweden
Distribution: Mandriva
Posts: 32

Rep: Reputation: 3
I don't think there is a way of doing this unfortunately. The permission for creating a file and deleting a file is the same (w), so I don't think you can allow the same user to create files without allowing him to remove them.
 
Old 09-15-2010, 07:27 AM   #3
sem007
Member
 
Registered: Nov 2006
Distribution: RHEL, CentOS, Debian Lenny, Ubuntu
Posts: 638

Rep: Reputation: 113
If a user creates files, he will become the owner of that file/dir, and the owner of a file has the right to modify or delete the file.

It is not possible to set permissions such that a user can create a file but not delete his own file.

Regards,
 
Old 09-15-2010, 07:45 AM   #4
adenial
Member
 
Registered: Sep 2010
Location: Bangalore, India
Distribution: rhel5, ubuntu9.04(occassionally), Debian.
Posts: 87

Rep: Reputation: 5
prolly u can try sticky bit options...

u can also refer to this link.
http://en.wikipedia.org/wiki/Sticky_bit
 
Old 09-15-2010, 07:48 AM   #5
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,620

Rep: Reputation: 451
Hi,

One possibility would be to use incrond to monitor that directory and change the permissions after file creation accordingly. However, the user would then not be able to write to that file either. I am not sure if it is possible to configure incrond to discriminate between the 'rm' command and any other command that tries to gain write access to that file.
So check the man pages of incrond thoroughly.

http://linux.die.net/man/8/incrond

[EDIT]
Please clarify if the user who created the file needs to be able to modify it afterwards. There *might* be some ugly solution for your problem.

Last edited by crts; 09-15-2010 at 07:54 AM.
 
Old 09-15-2010, 07:55 AM   #6
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 721
Quote:
Originally Posted by crts View Post
discriminate between the 'rm' command and any other command that tries to gain write access to that file.
There are far more ways to delete files. You can make a simple Perl script to delete a file.
 
Old 09-15-2010, 08:01 AM   #7
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,145
Blog Entries: 4

Rep: Reputation: 147
try stickybit ; setfacl ; setuid and setgid
 
Old 09-15-2010, 08:10 AM   #8
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,620

Rep: Reputation: 451
Quote:
Originally Posted by MTK358 View Post
There are far more ways to delete files. You can make a simple Perl script to delete a file.
Hi,

see the [EDIT] of my post.
Quote:
There *might* be some ugly solution for your problem.
Emphasis is on 'might' and 'ugly'.
I am not sure IF it is possible to achieve this in a robust, 100% reliable manner. However, I can think of some possibilities which *might* work. Before I explore them any further, I need some feedback from the OP. Maybe the OP just expressed himself unclearly and simply setting the sticky bit would suffice for his purposes. Maybe it is sufficient for the OP to just keep the users from deleting/accessing each other's files.
 
Old 09-16-2010, 05:34 AM   #9
shridhar005
Member
 
Registered: Jul 2008
Posts: 90

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by adenial View Post
prolly u can try sticky bit options...

u can also refer to this link.
http://en.wikipedia.org/wiki/Sticky_bit
Well, I tried to use the sticky bit; however, when a user creates a file he owns that file, and the sticky bit allows that file to be deleted only by the owner of that file or the superuser.
Hence the sticky bit is out of league.
 
Old 09-16-2010, 09:09 AM   #10
adenial
Member
 
Registered: Sep 2010
Location: Bangalore, India
Distribution: rhel5, ubuntu9.04(occassionally), Debian.
Posts: 87

Rep: Reputation: 5
Quote:
Originally Posted by shridhar005 View Post
Well, I tried to use the sticky bit; however, when a user creates a file he owns that file, and the sticky bit allows that file to be deleted only by the owner of that file or the superuser.
Hence the sticky bit is out of league.
Well thats what i thought ur original query was, only owner should be able to delete the file.....
 
Old 09-17-2010, 01:37 AM   #11
shridhar005
Member
 
Registered: Jul 2008
Posts: 90

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by adenial View Post
Well thats what i thought ur original query was, only owner should be able to delete the file.....
Thanks for the reply and your time.
Well, the question or expected help is like this:
Members of group FH can create the files but they should not own them, i.e. whatever they create should be owned by user "YAT" in this case, and the group of that file should be "FH".
Is it possible? Well, the unintelligent way is to change the permission of those files every time users create anything in it, which is unimaginable. Thus, is there any other way to tackle this issue?
 
Old 09-17-2010, 01:53 AM   #12
adenial
Member
 
Registered: Sep 2010
Location: Bangalore, India
Distribution: rhel5, ubuntu9.04(occassionally), Debian.
Posts: 87

Rep: Reputation: 5
Quote:
Originally Posted by shridhar005 View Post
Thanks for the reply and your time.
Well, the question or expected help is like this:
Members of group FH can create the files but they should not own them, i.e. whatever they create should be owned by user "YAT" in this case, and the group of that file should be "FH".
Is it possible? Well, the unintelligent way is to change the permission of those files every time users create anything in it, which is unimaginable. Thus, is there any other way to tackle this issue?
well then it's no i would say, because

if members of FH are creating the file to be owned by YAT that's illogical coz when some1 creates a file then he/she has to be an owner of the file (creator of file is the owner, no other option)... that's the only option.

the only option is "chown" after the file is created... in fact that's the only option.
 
Old 09-17-2010, 02:03 AM   #13
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397
It would be good if you could explain at a little higher level what you are trying to achieve and why; there may(!) be a better soln.
In the meantime, have a look at inotify: http://linux.die.net/man/7/inotify http://en.wikipedia.org/wiki/Inotify
 
Old 09-17-2010, 07:04 AM   #14
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,620

Rep: Reputation: 451
Quote:
Originally Posted by shridhar005 View Post
Members of group FH can create the files but they should not own them, i.e. whatever they create should be owned by user "YAT" in this case, and the group of that file should be "FH".
Is it possible?
Yes, have a look at incrond as I already stated. Properly configured this daemon will handle file creation and changing owner to "YAT".
Quote:
Well, the unintelligent way is to change the permission of those files every time users create anything in it.
Having no idea and still judging things as unintelligent does not seem smart either ...
The daemon will automatically take care of changing file permissions accordingly, however, you still haven't provided any info if after file creation the users will still need to access the file for writing.
I am getting the impression that you do not read the suggestions provided very carefully.
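
Added example (not part of any post in this thread): a shell model of the Linux permission check for removing a directory entry, applied to the `Files` directory from the listing (drwxrwxr-t, mode 1775, owner yat, group FH). It covers both the sticky-bit behaviour reported in post #9 and the effect of the chown-to-yat approach from posts #5 and #14; root and ACLs are left out, and the function names are hypothetical.

```shell
# Added example: a model of the Linux rule for removing a directory entry.
# Users and groups are taken from the thread's listing; results ignore root.

# in_list WORD "a b c": true if WORD is one of the space-separated words.
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# can_modify_dir ACTOR "ACTOR_GROUPS" DIR_MODE DIR_OWNER DIR_GROUP
# True when ACTOR has write+search (w and x) on the directory. Creating an
# entry and removing one both need exactly this, so they cannot be split.
can_modify_dir() {
  cm_mode=$(( 0$3 ))                      # octal string such as 1775
  if [ "$1" = "$4" ]; then cm_bits=$(( (cm_mode >> 6) & 7 ))     # owner class
  elif in_list "$5" "$2"; then cm_bits=$(( (cm_mode >> 3) & 7 )) # group class
  else cm_bits=$(( cm_mode & 7 )); fi                            # other class
  [ $(( cm_bits & 3 )) -eq 3 ]
}

# can_delete ACTOR "ACTOR_GROUPS" DIR_MODE DIR_OWNER DIR_GROUP FILE_OWNER
# Adds the sticky-bit restriction: with 01000 set on the directory, only the
# file's owner or the directory's owner may remove the entry.
can_delete() {
  can_modify_dir "$1" "$2" "$3" "$4" "$5" || return 1
  if [ $(( 0$3 & 01000 )) -eq 0 ]; then return 0; fi
  [ "$1" = "$6" ] || [ "$1" = "$4" ]
}

# verdict ...: print "yes" or "no" for a can_delete question.
verdict() { if can_delete "$@"; then echo yes; else echo no; fi; }

# "Files" in the listing is drwxrwxr-t yat FH, i.e. mode 1775.
echo "ross deletes his own file:            $(verdict ross FH 1775 yat FH ross)"
echo "geller deletes ross's file:           $(verdict geller FH 1775 yat FH ross)"
echo "yat deletes ross's file:              $(verdict yat FH 1775 yat FH ross)"
echo "ross deletes it after chown to yat:   $(verdict ross FH 1775 yat FH yat)"
echo "same, but sticky bit cleared (0775):  $(verdict ross FH 0775 yat FH yat)"
```

The fourth line is the case the original poster asks for: once the file belongs to yat, the sticky bit stops ross from removing it. The last line shows that changing the owner alone is not enough, because without the sticky bit group write on the directory still permits deletion.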
 
Old 09-20-2010, 01:06 AM   #15
shridhar005
Member
 
Registered: Jul 2008
Posts: 90

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by crts View Post
Yes, have a look at incrond as I already stated. Properly configured this daemon will handle file creation and changing owner to "YAT".

Having no idea and still judging things as unintelligent does not seem smart either ...
The daemon will automatically take care of changing file permissions accordingly, however, you still haven't provided any info if after file creation the users will still need to access the file for writing.
I am getting the impression that you do not read the suggestions provided very carefully.
I'm working on incrond. Nobody cares what you think and what impressions you get. In plain and simple English: "MIND YOUR OWN BUSINESS AND STOP MAKING ANY PERSONAL COMMENT." MAKING ANY SUCH IS NOT INTELLIGENT EITHER.
If a person is willing to help, it has to be without any fuss. Thanks for the reply.
 
  

