[SOLVED] filesystem permissions question

c0pe · 07-09-2010, 08:35 AM

Hello,

I need to allow users to read, create and modify files and subdirectories but I don't want them to be able to modify the owner or permissions, can this be done with filesystem permissions? Using CentOS 5.5.

dcellis1950 · 07-09-2010, 10:56 AM

I don't think there is a way to do this with the standard Unix permissions. If you can write to a file, you can change permissions.

However, if you have time on your hands and can learn to use SELinux, there should be a way to do it there.

anomie · 07-09-2010, 02:21 PM

You can get close to the desired effect with shared group membership, and then group ownership (with the sgid bit on directories) for the files.

The problem is: when a user creates a new file s/he will be the owner.

Selinux is one idea for solving that problem. Another is removing read/execute permissions from /bin/chmod and /bin/chown for everyone but root. (That may have some other unintended consequences, though.)

c0pe · 07-12-2010, 07:51 AM

ok, thanks for the info, it's appreciated.

c0pe · 07-12-2010, 09:06 AM

marking thread as solved, since my real question was can this be done with the standard file permissions, and I got the answer, it can not. But thanks for the possible alternatives, I appreciate it.