how i can change file permissions to read,write and modify but not to delete in linux

boby.kumar · 03-19-2013, 09:21 AM

Hi Team
I am working as a sytem adminstrator and need some suggestion from your side. I want to change file and directory permission to read,write and modify but not to delete them by the user in linux.
All the users logged in to samba server by rncit and i have to restrict them not to delete any file or directory.
I have shared the following Path:/home/rncit in samba server.
please do the needful as it is urgent.

regards
Boby

acid_kewpie · 03-19-2013, 09:24 AM

writing IS deleting. If you can replace the entire contents of the file, what benefit is it to not be able to delete it?

kirukan · 03-19-2013, 09:26 AM

Try sticky bit
http://www.thegeekstuff.com/2011/02/...irectory-file/

shivaa · 03-19-2013, 09:42 AM

According to the situation you have given, it points towards sticky bit. But remember, sticky bit is applicable for directories only, not useful on files. However, after applying sticky bit on a directory, the content within the directory can be deleted by file owner, directory owner or root only. After that, you can assign all read/write/execute permission to all.

Code:

~$ mkdir mydir
~$ mv file1 file2 file3... mydir
~$ chmod -R a+rwx  mydir

Then apply sticky bit, as:

Code:

~$ chmod a+t mydir

allend · 03-19-2013, 10:13 AM

One other thought would be to use inotifywait to watch for file a being closed, and then immediately copy that file appending a time stamp to a directory that the users cannot access. If a file was subsequently deleted, you would still have a copy of the original.

boby.kumar · 03-20-2013, 12:11 AM

thanks a lot.
I got the point but sticky bit allow only the file owner to read,write and delete but I have around 500 users to access the samba server.
please suggest me how i can manage it by group id or userid, i am using 6.2 linux version for samba.
can i need to create individuals userid for the same?

Regards
Boby

shivaa · 03-20-2013, 12:19 AM

@Boby:
If you do not wish to allow everyone to have read/write, then create a new group, add it as main group for the directory as well as files. And then add only those users to that group whom you wish to allow read/write permissions.

Code:

~$ groupadd <groupname>
~$ chgrp -R <groupname> <directoryname>
~$ chmod -R 770 <directoryname>
~$ chmod g+s <directoryname>

linosaurusroot · 03-20-2013, 01:43 AM

Quote:

Originally Posted by acid_kewpie

writing IS deleting. If you can replace the entire contents of the file, what benefit is it to not be able to delete it?

Except for an append-only write for instance after

Code:

chattr +a filename

boby.kumar · 03-20-2013, 08:58 AM

thanks a lot for the same.
Please take out the steps that how i can add users in the same group and the only group permissions will be inhert by the users?
Actually I have to Create 3 groups as DII&V,E2E and OAM and want to read,write and delete permissions for these groups.
please do the needful.

Regards
Boby

shivaa · 03-20-2013, 09:29 AM

Why you want to create 3 groups? Just one group is enough to protect whole directory data.

To add a new group (see manual of groupadd),

Code:

~$ groupadd <groupname>

Then add allowed users into this group (see manual of usermod),

Code:

~$ usermod -G <groupname> <username>

Change group of the directory recursively (see manual of chgrp),

Code:

~$ chgrp -R <groupname> /path/to/directory

Add SGID on the directory (see manual of chmod),

Code:

~$ chmod g+s <directoryname>

However, these are very basic commands, and as a system admin you should know them very well. If you would have even checked the manuals of these command, you didn't need to ask for it.