LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-18-2017, 10:06 AM   #1
greavette
LQ Newbie
 
Registered: Apr 2017
Posts: 3

Rep: Reputation: Disabled
Linux File/Folder permissions


Hello Forum,

My question is a little offbeat and I'm unsure where it belongs so I'm hoping this forum is the right place to start.

I'm inquiring about file permissions with regards to a Windows computer accessing files on a Linux File Server. Our scenario is that we have .txt files saved on a Linux file share. The requirement for our users is to be able to rename the files but not change the contents of the .txt files. I know of no way to do this through permissions but I'm not an expert on Linux file permissions so I thought I would throw this question out to this group.

I did do some research on file permission settings:

Linux permissions dictate 3 things you may do with a file, read, write and execute. They are referred to in Linux by a single letter each.

r read - you may view the contents of the file.
w write - you may change the contents of the file.
x execute - you may execute or run the file if it is a program or script.

For every file we define 3 sets of people for whom we may specify permissions.

owner - a single person who owns the file. (typically the person who created the file but ownership may be granted to some one else by certain users)
group - every file belongs to a single group.
others - everyone else who is not in the group or the owner.

It doesn't apper to me to be a way to set the permission on a file to not change the contents BUT allow rename.

Any advice or pointers you can provide on where I can search further for an answer to my users request would be greatly appreciated.

Thank you.
 
Old 04-18-2017, 10:52 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,038
Blog Entries: 13

Rep: Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488
I do not believe you can attain this scenario. You are correct that you need to grant write access for the file to be able to change the name of it.
 
Old 04-18-2017, 11:22 AM   #3
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: FreeBSD/Slackware-14.2+/ArcoLinux
Posts: 9,133

Rep: Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925
Quote:
I'm inquiring about file permissions with regards to a Windows computer accessing files on a Linux File Server. Our scenario is that we have .txt files saved on a Linux file share. The requirement for our users is to be able to rename the files but not change the contents of the .txt files. I know of no way to do this through permissions but I'm not an expert on Linux file permissions so I thought I would throw this question out to this group
One needs write permissions in Linux and I bet in Windows too just to change the file name , therefore the ability to open and change whatever is in it too is there.

read only will not allow this in either Windows or Linux -- so this permissions thing is pretty much cross platform is that respect.

the best you could do is only allow a group of people to do this, but still they'd even be able to changes its contents.
You'd have to make a back up of each file and store it where only someone that can be "trusted" can get at them. That way if someone does decided to go in and change its contents you (should) still have an original (copy).

Last edited by BW-userx; 04-18-2017 at 11:25 AM.
 
Old 04-18-2017, 11:32 AM   #4
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Rep: Reputation: Disabled
Nothing is really a secret on a Unix/Linux system, if you must keep something private you need to encrypt it, otherwise root or other users could know it.
 
Old 04-18-2017, 11:45 AM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,463
Blog Entries: 9

Rep: Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372Reputation: 3372
^ this is actually a good idea, because you could still rename the encrypted file.

another idea:
if each file is in a separate folder, and those folders are in a directory which allows (whoever) to write, then, i think, (whoever) could rename the folder, but still not change the file.
 
Old 04-18-2017, 03:14 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
So far as I know, even when one is using ACLs (Access Control Lists), the Linux permissions model does not allow you to control "rename" separately. You must have write access to the file in order to rename it.

The Windows permission-model is not identical to that of Linux (nor of any other file-system that is external [to Windows]), so there might be a "mapping" from one to the other, but it is nevertheless the security-model of the host (in this case, "Linux"), which must in the end prevail.
 
Old 04-18-2017, 03:43 PM   #7
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,038
Blog Entries: 13

Rep: Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488Reputation: 3488
Quote:
Originally Posted by linux4evr5581 View Post
Nothing is really a secret on a Unix/Linux system, if you must keep something private you need to encrypt it, otherwise root or other users could know it.
Quote:
Originally Posted by ondoho View Post
^ this is actually a good idea, because you could still rename the encrypted file.
There are variances, however mostly I've seen encrypted directories showing a file or files which have long names implying that they are encryption reference files or archives, and therefore the true filename is obscured by the encryption. As So while I do know there are options, personally I would not select any option which would encrypt files but still expose the name of those files freely. In fact, my preference would be that you couldn't tell how many files there were, or how much space they occupied.
 
Old 04-18-2017, 05:04 PM   #8
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Rep: Reputation: Disabled
Quote:
Originally Posted by rtmistler View Post
There are variances, however mostly I've seen encrypted directories showing a file or files which have long names implying that they are encryption reference files or archives, and therefore the true filename is obscured by the encryption. As So while I do know there are options, personally I would not select any option which would encrypt files but still expose the name of those files freely. In fact, my preference would be that you couldn't tell how many files there were, or how much space they occupied.
Not sure how one would go about doing that, maybe via some type of wrapper.. Id probably just scramble the text/name with ROT13 in addition to the encryption, but what you said would be way better.
 
Old 04-19-2017, 02:50 AM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,670

Rep: Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487
Actually, you don't need 'w' on the file, you need 'w' on the dir; it involves changing file's metadata which is stored in inode (dir).
Code:
#Inside local tmp/ dir
ll
-r--r--r--. 1 chris chris 2907155 Apr 20  2016 1.jpg

mv 1.jpg 2.jpg

ll
-r--r--r--. 1 chris chris 2907155 Apr 20  2016 2.jpg

# move up one level - using tmp dir for testing
cd ..
chmod ug-w tmp

ll tmp
-r--r--r--. 1 chris chris 2907155 Apr 20  2016 2.jpg
mv tmp/2.jpg tmp/3.jpg
mv: cannot move `tmp/2.jpg' to `tmp/3.jpg': Permission denied

# ... and just to show adding perms back
 chmod ug+w tmp
mv tmp/2.jpg tmp/3.jpg
ll tmp

-r--r--r--. 1 chris chris 2907155 Apr 20  2016 3.jpg
HTH
 
2 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Folder and file permissions DaftDave Linux - General 2 06-29-2008 10:37 AM
File/folder permissions Yig Linux - Newbie 3 11-28-2005 03:44 PM
File and folder permissions steve007 Linux - Newbie 3 06-30-2005 03:48 AM
File and Folder permissions seelk SUSE / openSUSE 9 01-28-2005 06:50 PM
File / folder Permissions bkbroil Linux - Newbie 3 10-15-2003 10:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration