[clug-talk] File permissions: add but not modify/delete?
lost at l-w.net
Fri Nov 26 16:25:01 PST 2004
Curtis Sloan wrote:
> On Fri November 26 2004 16:15, William Astle wrote:
>>You missed the bit
> No pun intended? ;-)
If I claimed it was, would you believe me?
>>about users not being able to delete files they just
>>added. The sticky bit would allow them to modify or delete the file.
>>(They would still own it, after all.)
> Now, if I wanted to remove the user's ability to modify or delete after
> creation, how would I do that?
I can't think of any way that would allow that. Removing the "r" bit
from the directory will prevent users from seeing the list of files in
it but if you know the name, you can still access it. Removing the "x"
bit will prevent "using" the directory (accessing or creating files in
it) regardless of r or w. Basically, "x" has to be there and "w" has to
You can force the group of the files in the directory to match the group
of the directory by setting the SGID bit. If the SUID bit worked
similarly for directories, you could use that to accomplish what you
wanted from the user owning the file perspective. It doesn't behave that
way, though. Even with that, however, you would still have the umask
problem; whatever the user sets the umask to still applies to the file
after it was created so if the user's umask allows group write/read on
the file, they'll still be able to read/modify the file (even if they
can't delete it).
All nice and straightforward, eh?
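
The behaviour described in the message above, as an added example that is not part of the original post: a scratch directory with the sticky and SGID bits set, showing that the creator can still modify and delete their own file and that the umask alone decides the new file's mode. It assumes GNU `stat` (`stat -c`); the function names are hypothetical and the scratch directory is constructed by the script.

```shell
#!/bin/sh
# Constructed demo: a scratch directory with sticky + SGID bits, used by
# the file's own creator. Assumes GNU stat (stat -c).

# Create a scratch drop directory and print its path.
make_dropbox() {
    d=$(mktemp -d) || return 1
    # 1000 sticky + 2000 SGID; rwx owner, -wx group and others
    chmod 3773 "$d" && echo "$d"
}

# Create a file in directory $1 under umask $2; print the mode it gets.
create_with_umask() {
    ( umask "$2" && : > "$1/file.$2" && stat -c '%a' "$1/file.$2" )
}

# Succeed if the creator can still append to, then delete, their own
# file in $1: the sticky bit never restricts the owner.
owner_can_modify_and_delete() {
    f="$1/own.txt"
    ( umask 077 && echo first > "$f" ) || return 1
    echo second >> "$f" || return 1
    rm -f "$f" && [ ! -e "$f" ]
}

# Succeed if a new file in $1 carries the directory's group (the SGID
# effect; it only differs from the default when the creator's primary
# group is not the directory's group).
inherits_dir_group() {
    : > "$1/grp.txt" || return 1
    [ "$(stat -c '%g' "$1/grp.txt")" = "$(stat -c '%g' "$1")" ]
}

demo() {
    box=$(make_dropbox) || return 1
    echo "directory mode:        $(stat -c '%a' "$box")"
    echo "file under umask 002:  $(create_with_umask "$box" 002)"
    echo "file under umask 077:  $(create_with_umask "$box" 077)"
    owner_can_modify_and_delete "$box" && echo "owner modified and deleted own file"
    inherits_dir_group "$box" && echo "new file has the directory's group"
    rm -rf "$box"
}
demo
```
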