LinuxQuestions.org
Old 12-19-2013, 03:17 AM   #1
amit.bandhuroy
LQ Newbie
 
Registered: Dec 2013
Posts: 3

Rep: Reputation: Disabled
Problem with access issue on Linux.


I have a problem here..

Can I create a directory (anywhere in the system) inside which every user will have write access but nobody will have delete access? Only the owner of the group/directory can delete from the directory.
Please note, not even root will have delete access to the directory.
 
Old 12-19-2013, 03:24 AM   #2
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,414
Blog Entries: 6

Rep: Reputation: 2373
I don't think so.

You can make the files immutable (chattr +i filename) - not even root can delete them - but that also means that neither root nor anyone else can write changes to them.

If they have write access then they can delete - there is no separate 'delete' permission. If they can write then they can write it as an empty file, so delete is nearly a moot point anyway.

Last edited by astrogeek; 12-19-2013 at 03:25 AM.
 
Old 12-19-2013, 04:36 AM   #3
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233
Now that's a sticky question.

Use the sticky bit on the directory. According to Wikipedia it allows only the owner to delete or rename a file. Also write and read permissions still have their usual effect.
 
2 members found this post helpful.
Old 12-19-2013, 05:09 AM   #4
amit.bandhuroy
LQ Newbie
 
Registered: Dec 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
I found one solution:
If I create a Folder 'x' and a group 'xy'

I will add users 'a', 'b', 'c' to the group 'xy'.
chgrp xy x
this will change the group for the folder 'x' to 'xy'.
I will give this group 'xy' read and execute permissions to the folder 'x'
files inside the folder will have read and write permissions for the group 'xy'.
now I can see all the members in the group 'xy' ('a', 'b' & 'c') can write the files but cannot delete or create a new file as the folder does not have write permission.

But still root can do everything. How to make root act like a user here in the folder?
 
Old 12-20-2013, 12:08 AM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383
root can always do everything; that's the whole point.
 
Old 12-20-2013, 08:09 AM   #6
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,691

Rep: Reputation: 353
Quote:
Originally Posted by amit.bandhuroy
I found one solution:
If I create a Folder 'x' and a group 'xy'

I will add users 'a', 'b', 'c' to the group 'xy'.
chgrp xy x
this will change the group for the folder 'x' to 'xy'.
I will give this group 'xy' read and execute permissions to the folder 'x'
files inside the folder will have read and write permissions for the group 'xy'.
now I can see all the members in the group 'xy' ('a', 'b' & 'c') can write the files but cannot delete or create a new file as the folder does not have write permission.

You call a directory a folder? That hurts.

Let me point out that your scenario also doesn't allow creating new files, as this would require write permission for the directory.

In general:
  • creating or deleting a file requires write permission for the directory
  • writing to an existing file requires write permission for the file
  • the sticky bit in the directory modifies that a little
  • you can also use ACLs and perhaps SELinux to tune the system behaviour
 
1 members found this post helpful.
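The rules listed in post #6, applied to the directory setups from posts #3 and #4, as an added example that is not part of any post in this thread. The `delete_policy` function and the directory names in the constructed temp tree are hypothetical; it reads classic mode bits only (GNU `stat -c`) and does not see root, ACLs or SELinux.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a directory by mode bits only;
# root, ACLs and SELinux are outside what this check sees.

# class_can_modify MODE SHIFT: true if that class has both w and x on the
# directory, which is what creating, deleting or renaming an entry requires.
class_can_modify() {
    [ $(( ($1 >> $2) & 3 )) -eq 3 ]
}

# delete_policy DIR prints:
#   locked        group and other lack w+x: they cannot create or delete entries
#   sticky        group or other have w+x and the sticky bit is set: only the
#                 file's owner, the directory's owner or root may delete/rename
#   unrestricted  group or other have w+x, no sticky bit: any of them can
#                 delete any entry, whatever the file's own permissions are
delete_policy() {
    mode=$(stat -c '%a' "$1") || return 1
    m=$((0$mode))                       # leading 0: parse as octal
    if ! class_can_modify "$m" 3 && ! class_can_modify "$m" 0; then
        echo locked
    elif [ $(( m & 01000 )) -ne 0 ]; then
        echo sticky
    else
        echo unrestricted
    fi
}

# Constructed demo tree under a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/x" "$d/shared" "$d/open"
    chmod 0750 "$d/x"                   # post #4: group has r-x on the directory
    : > "$d/x/report"
    chmod 0660 "$d/x/report"            # group can still rewrite the contents
    chmod 1777 "$d/shared"              # post #3: sticky bit
    chmod 0777 "$d/open"
    for dir in x shared open; do
        printf '%s %s\n' "$dir" "$(delete_policy "$d/$dir")"
    done
    rm -rf "$d"
}
demo
```

A `locked` directory still lets anyone with write permission on a file empty or overwrite it, which is the point made in post #2.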
Old 12-20-2013, 10:09 PM   #7
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 813

Rep: Reputation: 264
Quote:
Originally Posted by amit.bandhuroy
Not even root will have delete access to the Directory.

I'm not sure if that's even possible...
If root wants something done, root WILL do it, no matter how hard you try to block it with software.
That shouldn't be a problem though, because the root account is inaccessible...unless you activated it? If you did, I would Google how to de-activate it and use sudo instead...using the root account can be dangerous...but then again, it's your system, not mine, so do what you think is best. But I would STRONGLY recommend that you not enable the root account.

I seemed to have digressed a bit...[sigh] [/sigh]...but now you know!
 
Old 12-20-2013, 11:36 PM   #8
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,414
Blog Entries: 6

Rep: Reputation: 2373
Quote:
Originally Posted by maples
I'm not sure if that's even possible...
That shouldn't be a problem though, because the root account is inaccessible...unless you activated it? If you did, I would Google how to de-activate it and use sudo instead...using the root account can be dangerous...but then again, it's your system, not mine, so do what you think is best. But I would STRONGLY recommend that you not enable the root account.

I seemed to have digressed a bit...[sigh] [/sigh]...but now you know!

The root account might be inaccessible or deactivated on your distro, but it is certainly active and accessible on many GNU/Linux distros.

The root account is not dangerous; misuse of the root account might be dangerous.

The concept of, reasons for and proper use of the root account are important foundations of Unix and GNU/Linux. It would be better for people to understand those concepts rather than listen to and spread FUD about it.

Last edited by astrogeek; 12-20-2013 at 11:38 PM.
 
Old 12-20-2013, 11:39 PM   #9
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 81
Quote:
But still root can do everything. How to make root act like a user here in the folder?

Well, that's again something that can't be done; you can't ask your Dean to write the exam for you. As for root (admin), it is everything under a *nix OS. You can make it ignore some things for you (immutable), but whenever it decides to change something it won't wait for you. (I was talking from an admin point of view.) Again, if they can write they can delete; there are no specific permissions for delete.
What you have done with group xy is a possibility apart from using ACLs, which I still think is a better option.
 
Old 12-22-2013, 09:43 PM   #10
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,565
Blog Entries: 2

Rep: Reputation: 1079
Don't do this.
 
1 members found this post helpful.
Old 12-24-2013, 06:22 AM   #11
amit.bandhuroy
LQ Newbie
 
Registered: Dec 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Many thanks, guys.
Was learning root's permissions in Linux and had a question in mind, so asked.
Good to have so many answers for it.
 
Old 12-29-2013, 04:41 PM   #12
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,565
Blog Entries: 2

Rep: Reputation: 1079
More good info here: http://www.linuxquestions.org/questi...at-4175489038/
 
  

