[clug-talk] File permissions: add but not modify/delete?

William Astle lost at l-w.net
Fri Nov 26 16:25:01 PST 2004


Curtis Sloan wrote:
> On Fri November 26 2004 16:15, William Astle wrote:
> 
>>You missed the bit 
> 
> No pun intended?  ;-)

If I claimed it was, would you believe me?

>>about users not being able to delete files they just 
>>added. The sticky bit would allow them to modify or delete the file.
>>(They would still own it, after all.)
> 
> Now, if I wanted to remove the user's ability to modify or delete after 
> creation, how would I do that?

I can't think of any way that would allow that. Removing the "r" bit 
from the directory will prevent users from seeing the list of files in 
it but if you know the name, you can still access it. Removing the "x" 
bit will prevent "using" the directory (accessing or creating files in 
it) regardless of r or w. Basically, "x" has to be there and "w" has to 
be there.

You can force the group of the files in the directory to match the group 
of the directory by setting the SGID bit. If the SUID bit worked 
similarly for directories, you could use that to accomplish what you 
wanted from the user owning the file perspective. It doesn't behave that 
way, though. Even with that, however, you would still have the umask 
problem; whatever the user sets the umask to still applies to the file 
after it was created so if the user's umask allows group write/read on 
the file, they'll still be able to read/modify the file (even if they 
can't delete it).

All nice and straightforward, eh?

-- 
William Astle
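
The checks described in the message above, written out as a simplified model; this is an added example, not part of the original post. It assumes Linux-style SGID group inheritance, ignores root, ACLs and capabilities, and every uid, gid, mode and name in it is constructed.

```python
import stat
from collections import namedtuple

# Simplified model: no root, ACLs or capabilities. All ids and modes are constructed.
Node = namedtuple("Node", "mode uid gid")
User = namedtuple("User", "uid gid groups")

def rwx(node, user):
    """rwx bits of the one class (owner, group or other) that applies to user."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid == user.gid or node.gid in user.groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_list(d, user):            # "r" on the directory: see the file names
    return bool(rwx(d, user) & 4)

def can_reach_by_name(d, user):   # "x": use a name you already know
    return bool(rwx(d, user) & 1)

def can_create(d, user):          # adding an entry needs both "w" and "x"
    return (rwx(d, user) & 3) == 3

def can_unlink(d, f, user):
    """Removing an entry needs w+x; the sticky bit adds an ownership test."""
    if not can_create(d, user):
        return False
    if d.mode & stat.S_ISVTX:
        return user.uid in (f.uid, d.uid)
    return True

def can_write(f, user):
    return bool(rwx(f, user) & 2)

def create(d, user, umask, requested=0o666):
    """New file: mode filtered by the creator's umask, group taken from an SGID directory."""
    gid = d.gid if d.mode & stat.S_ISGID else user.gid
    return Node(requested & ~umask, user.uid, gid)

def scenario(umask):
    drop = Node(0o3730, 100, 50)  # sticky + SGID, owner rwx, group -wx, other ---
    alice, bob = User(1000, 1000, {50}), User(1001, 1001, {50})
    f = create(drop, alice, umask)
    return {"mode": oct(f.mode), "gid": f.gid, "alice_lists": can_list(drop, alice),
            "alice_reaches": can_reach_by_name(drop, alice),
            "alice_deletes_own": can_unlink(drop, f, alice),
            "bob_deletes": can_unlink(drop, f, bob), "bob_writes": can_write(f, bob)}
```

`scenario(0o002)` shows the creator can still delete the file and another group member can still write to it; `scenario(0o022)` removes only the group write.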


