LinuxQuestions.org
Old 06-16-2006, 04:51 PM   #1
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Rep: Reputation: 31
"write only" permissions?


I'd like the users to have write only permissions in a directory, meaning that they can write anything there, but once they put it there only root can delete or edit it and anyone can read it. Is it possible? I suppose by default it's not possible, but do you know any way to do this?
 
Old 06-16-2006, 05:29 PM   #2
hal8000b
Member
 
Registered: Mar 2001
Location: UK
Distribution: Mint, Arch, Debian7
Posts: 194

Rep: Reputation: 23
Quote:
Originally Posted by zahadumy
I'd like the users to have write only permissions in a directory, meaning that they can write anything there, but once they put it there only root can delete or edit it and anyone can read it. Is it possible? I suppose by default it's not possible, but do you know any way to do this?



If someone can write a file then they own it and can delete it
the only way to stop the owner deleting a file is to make its permissions read only, but as you want the owner to write a file
then try:

chmod 644 myfile

in other words the owner can read and write
everyone else can read the file and of course root can edit or delete
 
Old 06-16-2006, 05:41 PM   #3
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Still, if I change the permissions of the file the owner would still be able to delete/change it, and I don't want to allow this. So, I thought about this solution: write a script that every 5 minutes (or something like this) checks if there are some new files in my folder. If so, change the owner to root and all the other users could only read it. The users are able to write anything in that folder because I give them write permissions in the folder.

The question is: is there any easier and practical approach for this? If I check for new files too often, I think that script would take some resources, but if I don't I allow other users to delete what the owner wrote there before I change the permissions (if the owner forgets to set the file permissions) or I allow the owner to delete his own files (which I don't want to allow either).

I hope the question is more clear now... Thank you.
 
Old 06-16-2006, 06:00 PM   #4
zhangmaike
Member
 
Registered: Oct 2004
Distribution: Slackware
Posts: 376

Rep: Reputation: 31
Quote:
change the owner to root and all the other users could only read it. The users are able to write anything in that folder because I give them write permissions in the folder.
This creates a HUGE security hole on your system. Your script would have to ensure that the suid bits for both user and group are off.

Otherwise:
  1. User writes script, changes permissions to 6755 (-rwsr-sr-x)
  2. User copies script to public directory, your script changes ownership to root.
  3. User runs script, which will run with root privileges because of the permissions.

The safest and easiest thing, IMHO, would be to stick with a simple public directory.

If you really need to keep users from editing or deleting their own files from a publicly accessible directory, I would recommend:
  1. Don't make the directory public. Make it owned and writable by root, and only readable/executable by others.
  2. Write a script which performs the necessary moving and changing of ownership and permissions for ONE FILE (ensuring that all suid bits are off). Give other users permission to use sudo to execute this one script as root without password.

This would ensure that users can move files into this directory, but cannot remove or edit them from that point forward, without grave security risk.
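
One way to write the one-file helper recommended in this post, as an added example that is not part of the original thread. The directory `/srv/dropbox`, the function name `publish_one`, and the symlink, ownership and no-overwrite checks are assumptions of this example; `SUDO_UID` is the variable sudo sets to the invoking user's uid.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to be run as root through sudo.
# DROP_DIR is a hypothetical path: owned by root, mode 0755.
DROP_DIR="${DROP_DIR:-/srv/dropbox}"

# publish_one SRC [OWNER_UID] [OWNER_GID] [SUBMITTER_UID]
# The optional arguments exist so the function can be exercised without root.
publish_one() {
    src=$1
    owner=${2:-0}
    group=${3:-0}
    submitter=${4:-${SUDO_UID:-}}

    [ -n "$submitter" ] || { echo "must be run through sudo" >&2; return 2; }

    # Regular files only. Root can read anything, so a symlink could be used
    # to publish a file the submitter is not allowed to read.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refusing $src: not a regular file" >&2; return 3
    fi
    # Same reason: the source must belong to the submitter (GNU stat syntax).
    # Check and copy are not atomic; this does not close that race.
    if [ "$(stat -c %u -- "$src")" != "$submitter" ]; then
        echo "refusing $src: not owned by uid $submitter" >&2; return 4
    fi

    name=$(basename -- "$src")
    case $name in
        .*|-*) echo "refusing $name: unsafe file name" >&2; return 5 ;;
    esac

    dest=$DROP_DIR/$name
    # Published files cannot be edited, so never overwrite an existing entry.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing $name: already published" >&2; return 6
    fi

    # install copies into a new inode with a fixed mode, so the setuid,
    # setgid and execute bits of the source (e.g. 6755) never reach DROP_DIR.
    install -m 0644 -o "$owner" -g "$group" -- "$src" "$dest"
}

# When invoked as "sudo publish.sh FILE", publish that one file.
if [ "$#" -gt 0 ]; then
    publish_one "$1"
fi
```

Setting a fixed mode on a fresh copy, rather than chown-ing the user's file in place, is what prevents the 6755 scenario listed above from carrying over.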
 
Old 06-16-2006, 06:03 PM   #5
hal8000b
Member
 
Registered: Mar 2001
Location: UK
Distribution: Mint, Arch, Debian7
Posts: 194

Rep: Reputation: 23
"Still, if I change the permissions of the file the owner would still be able to delete/change it, and I don't want to allow this. "

No- you cannot change the permissions of a file you do not own, only root can do this
Remember the 3 categories

owner group others

when you set a file to chmod 644 if the 4 (in octal means read permission only) you cannot alter a file you do not own
Have a look here
http://www.comptechdoc.org/os/linux/..._ugfilesp.html

there are plenty of other examples on google
HTH
 
Old 06-16-2006, 06:12 PM   #6
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by zhangmaike
This creates a HUGE security hole on your system. Your script would have to ensure that the suid bits for both user and group are off.
...
Write a script which performs the necessary moving and changing of ownership and permissions for ONE FILE (ensuring that all suid bits are off). Give other users permission to use sudo to execute this one script as root without password.
Oh man, you do have a point. I never thought about this. One question though: why is it that important for my script to move ONE FILE, like you said? I think it is secure to allow them to copy there one whole folder if I check recursively for every file not to have suid. Is this right? Thanks a bunch for your reply.
 
Old 06-16-2006, 06:15 PM   #7
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by hal8000b
"Still, if I change the permissions of the file the owner would still be able to delete/change it, and I don't want to allow this. "

No- you cannot change the permissions of a file you do not own, only root can do this
Remember the 3 categories

owner group others
You didn't get the point. Please read my question properly. The thread is resolved now anyway, thank you for your reply.
 
Old 06-16-2006, 06:21 PM   #8
zhangmaike
Member
 
Registered: Oct 2004
Distribution: Slackware
Posts: 376

Rep: Reputation: 31
Quote:
why is it that important for my script to move ONE FILE, like you said?
In hindsight, moving one file vs. moving a directory recursively probably doesn't matter... the script is easier to write for one file, though.

Yeah, moving a directory and then checking it recursively ought to be fine.

Last edited by zhangmaike; 06-16-2006 at 06:24 PM.
 
Old 06-16-2006, 06:23 PM   #9
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Yeah... thanks. I just thought you meant something I didn't understand. I like scripting and it's not a big deal to check recursively for every file inside the folder. Thanks again.
 
  

