Wednesday, 25 February 2015

Linux: Creating undeletable file that users can read/write to

Hey all,

Came across an interesting question today. Basically someone wanted a file that a user could read from and write to, but not delete. I have a simple solution for this: the restricted deletion flag of chmod (better known as the sticky bit: chmod +t, or a leading 1 in the octal mode) applied to the directory that holds the file. With that flag set on a directory, users keep whatever permissions they have on the individual files inside it, but an entry can only be removed or renamed by the owner of that file, the owner of the directory, or root. Write access to the file itself is not enough to unlink it.
Anyway, here is my solution that gives a user rw access to a file while leaving them unable to delete it.

First create a folder: mkdir folder
Then set the restricted deletion flag on the folder: chmod 1705 folder/
(1705 is the sticky bit plus rwx for root, nothing for the group and r-x for everyone else, so the user can enter and list the folder but not create or remove entries in it.)
Then create your new file in the folder: touch file
Set permissions so that only the owner (root) has access: chmod 600 file
Then grant the user access with an ACL: setfacl -m u:theuser:rw file

When you check the permissions using getfacl it should look something like this:
[root@ripper folder]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:theuser:rw-
group::r--
mask::rw-
other::---

[root@ripper theuser]# getfacl folder
# file: folder
# owner: root
# group: root
# flags: --t
user::rwx
group::---
other::r-x


Now test it as the user: they can write to the file but cannot delete it. Two things worth knowing: write access to the file still lets the user truncate it (> file), so "undeletable" does not mean "unmodifiable"; and with the folder at mode 1705 the rm below fails with "Permission denied" (EACCES) because the user has no write permission on the folder at all. The sticky bit only comes into play once you make the folder writable (for example 1777, so users can create their own files in it); then a non-owner's rm fails with "Operation not permitted" (EPERM) instead.
[theuser@ripper folder]$ cat file
[theuser@ripper folder]$ echo testing | tee -a file
testing
[theuser@ripper folder]$ cat file
testing
[theuser@ripper folder]$ rm file
rm: cannot remove ‘file’: Permission denied
[theuser@ripper folder]$ ls -alh file
-rw-rw----+ 1 root root 8 Feb 25 21:39 file
 

Much yays. Comment below if you have any other interesting ways of doing this, or if you get stuck doing this :)
