Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: privileges for folders

  1. #1
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default privileges for folders

    Hi,
    i wonder how i can set the privileges for a particular purpose.

    I want to secure a folder so that the files can not be deleted but still can be edited and other items like files can be added to it.

    To change it to root did not work out since it doesn't ask me, it rather just says i can't add anything to it.

    Can i do, what i want to do? Or is it impossible.

    Thanks
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  2. #2
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: privileges for folders

    Maybe someone knows a solution with the standard group and owner settings (I
    do not see this at the moment).
    If you need such fine grained control it is an option to make yourself
    familiar with acl. An old but easy to read article is this one
    http://www.suse.de/~agruen/acl/linux-acls/online/
    In doubt man pages for acl, getfacl, setfacl give the up to date
    information.

    --
    PC: oS 11.3 64 bit | Intel Core2 Quad Q8300@2.50GHz | KDE 4.6.3 | GeForce
    9600 GT | 4GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.6.0 | nVidia
    ION | 3GB Ram

  3. #3
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: privileges for folders

    Thanks already for the hint.
    I will read through it and hopefully, it does what i want. Well, the main reason is, that i myself don't want to accidentally delete files or out of a mood. But at the same time, i still want to be able to add files to the folder.

    I forgot to mention that the particular filesystem is xfs and not ext as normally. Its strictly videos and pictures and songs.
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: privileges for folders

    If you chmod the files read-only, rm will warn you when you try to delete it. However you could always type y by accident. And other programs that could delete the file won't warn you.

    Another way involves using chattr +i. This is harder to accidentally bypass. However you need to be superuser or have CAP_LINUX_IMMUTABLE to run this. Presumably you only need to do it once.

    Another thing you can do is make a hard link in another directory. That way if you delete it in one directory, it's still around in the other.

  5. #5
    Join Date
    Nov 2009
    Location
    ND, USA
    Posts
    1,131

    Default Re: privileges for folders

    On Mon May 16 2011 10:06 pm, ken yap wrote:

    >
    > If you chmod the files read-only, rm will warn you when you try to
    > delete it. However you could always type y by accident. And other
    > programs that could delete the file won't warn you.
    >
    > Another way involves using chattr +i. This is harder to accidentally
    > bypass. However you need to be superuser or have CAP_LINUX_IMMUTABLE to
    > run this. Presumably you only need to do it once.
    >
    > Another thing you can do is make a hard link in another directory. That
    > way if you delete it in one directory, it's still around in the other.
    >
    >

    JoergJaeger;

    The "sticky bit" (t or 1000 octal) when set on a directory will permit only
    the owner or super user the right to remove files in the directory. If
    you create your files as a different user and give yourself access only via
    group ( or other) permissions, then you should not be able to remove the file
    when the sticky bit is set on the directory. This can cause a problem with
    some office software that updates a file by creating a new copy of a file and
    then deleting the old version.

    For an example see:
    http://osr507doc.sco.com/en/OSAdminG...tickydirs.html


    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  6. #6
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,611

    Default Re: privileges for folders

    If they are all videos, pictures and songs, you could store them as blobs in a mysql database and then use the mysql access controls.

  7. #7
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: privileges for folders

    So what would be the easiest or the most useful solution?

    It seems or looks like that once i say that i restrict write access, i can't add anymore to the folder.
    So i do have to do it with a different user.
    How would i be able to make the system ask me if i want to access the file or folder for adding items.
    I tried to make everything to root which had the effect that no one was able to delete or write into it. But i did not got a request from the system if i wanted to. It just simply denied it.
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  8. #8
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: privileges for folders

    I did it with sticky bit.
    But i noticed that it applies only to the old files i assume.
    If i copy something into it, the permissions are not changed. Do i need to redo it for every file?

    I did it like this.

    chmod u+t /folder and then umask 077 /folder
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  9. #9
    Join Date
    Nov 2009
    Location
    ND, USA
    Posts
    1,131

    Default Re: privileges for folders

    On Tue May 17 2011 04:06 pm, JoergJaeger wrote:

    >
    > I did it with sticky bit.
    > But i noticed that it applies only to the old files i assume.
    > If i copy something into it, the permissions are not changed. Do i need
    > to redo it for every file?
    >
    > I did it like this.
    >
    > chmod u+t /folder and then umask 077 /folder
    >
    >

    JoergJaeger;

    The sticky bit is set on a directory and applies to each file within the
    directory. I've not tested this but assume you would need to set the sticky
    bit on each new directory, including subdirectories. I've used his on Samba
    shares where one can force newly created directories (via Samba) to have the
    sticky bit set.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  10. #10
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: privileges for folders

    The one thing that doesn't click for me is that my user still can do everything.
    My hope was, that everyone can add files to it and these in turn get automatically the privileges attached. The only thing that would not be possible for anyone is, to delete files and alter files.
    Its tricky and i am not sure if that is even possible what i am asking.

    btw. the folder and files do have the sticky set. Just any new file copied in to the folder does not for some reason.
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •