Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Linux directory permissions read write but not delete

Tags:

linux

file-permissions

Is it possible to setup directory permissions such that a group is able to read and write files and subdirectories but not delete anything?

like image 811
CodeLizard Avatar asked May 15 '09 16:05

CodeLizard

People also ask

Does write permission allow delete in Linux?

Well, it would be r-x for this directory. And files in it would have rw-. This is because a file can be written if its permissions allow Write, but it can only be deleted if its directory's permissions allow Write.

Does read/write access allow you to delete?

Read-write: All users that are given access to the share will have R/W privileges (unless specifically assigned Read Only permission). Read-write/Reject delete: This is the same as above, except that users will be prevented from deleting files/folders.

What is the meaning of chmod 777?

Setting 777 permissions to a file or directory means that it will be readable, writable and executable by all users and may pose a huge security risk.

What does chmod 755 do?

When you perform chmod 755 filename command you allow everyone to read and execute the file, the owner is allowed to write to the file as well. So, there should be no permission to everyone else other than the owner to write to the file, 755 permission is required.

1 Answers

It might be enough to set the sticky bit on the directories. Users will be able to delete any files they own, but not those of other users. This may be enough for your use case. On most systems, /tmp is setup this way (/tmp is set 1777)

chmod 1775 /controlled

However, If you want more control, you'll have to enable ACL on the filesystem in question.

In /etc/fstab, append acl to the flags:

/dev/root        /                       ext3    defaults,acl       1 1

You can then use setfacl/getfacl to control and view acl level permissions.

Example: (Create files, once written, they are read only, but CAN be deleted by owner, but not others.)

setfacl --set u::rwxs,g::rwx /controlled setfacl -d --set u::r-x,g::r-x,o::- /controlled

You can set a default acl list on a directory that will be used by all files created there.

As others have noted, be careful to specify exactly what you want. You say "write" - but can users overwrite their own files? Can they change existing content, or just append? Once written, it's read only? Perhaps you can specify more detail in the comments.

Lastly, selinux and grsecurity provide even more control, but that's a whole other can of worms. It can be quite involved to setup.

like image 136
jmanning2k Avatar answered Oct 18 '22 08:10

jmanning2k
Sign in to Comment

Related questions

How to find files modified in last x minutes (find -mmin does not work as expected)
How to compare two SQLite databases on Linux
How to view unallocated free space on a hard disk through terminal [closed]
Remove the last page of a pdf file using PDFtk?
How to attach a file using mail command on Linux? [duplicate]
Will printf still have a cost even if I redirect output to /dev/null?
How can I read a file and redirect it to a variable?
How to check what shared libraries are loaded at run time for a given process?
In Linux, what do all the values in the "top" command mean?
How to check for openCV on Ubuntu 9.10
How to set the name of a thread in Linux pthreads?
How to stop a screen process in linux?
Replace whitespace with a comma in a text file in Linux
How do I add a user in Ubuntu? [closed]
grep from tar.gz without extracting [faster one]
Installed Go binary not found in path on Alpine Linux Docker
MongoError: connect ECONNREFUSED 127.0.0.1:27017
Read line by line in Bash script
Weak symbol aliases on OS X similar to those on Linux, or a closest equivalent?
Packaging a Python script on Linux into a Windows executable

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!