Hi,
i wonder how i can set the privileges for a particular purpose.
I want to secure a folder so that the files can not be deleted but still can be edited and other items like files can be added to it.
To change it to root did not work out since it doesn’t ask me, it rather just says i can’t add anything to it.
Can i do, what i want to do? Or is it impossible.
Thanks
Maybe someone knows a solution with the standard group and owner settings (I
do not see this at the moment).
If you need such fine grained control it is an option to make yourself
familiar with acl. An old but easy to read article is this one
http://www.suse.de/~agruen/acl/linux-acls/online/
In doubt man pages for acl, getfacl, setfacl give the up to date
information.
–
PC: oS 11.3 64 bit | Intel Core2 Quad Q8300@2.50GHz | KDE 4.6.3 | GeForce
9600 GT | 4GB Ram
Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.6.0 | nVidia
ION | 3GB Ram
Thanks already for the hint.
I will read through it and hopefully, it does what i want. Well, the main reason is, that i myself don’t want to accidentally delete files or out of a mood. But at the same time, i still want to be able to add files to the folder.
I forgot to mention that the particular filesystem is xfs and not ext as normally. Its strictly videos and pictures and songs.
If you chmod the files read-only, rm will warn you when you try to delete it. However you could always type y by accident. And other programs that could delete the file won’t warn you.
Another way involves using chattr +i. This is harder to accidentally bypass. However you need to be superuser or have CAP_LINUX_IMMUTABLE to run this. Presumably you only need to do it once.
Another thing you can do is make a hard link in another directory. That way if you delete it in one directory, it’s still around in the other.
On Mon May 16 2011 10:06 pm, ken yap wrote:
>
> If you chmod the files read-only, rm will warn you when you try to
> delete it. However you could always type y by accident. And other
> programs that could delete the file won’t warn you.
>
> Another way involves using chattr +i. This is harder to accidentally
> bypass. However you need to be superuser or have CAP_LINUX_IMMUTABLE to
> run this. Presumably you only need to do it once.
>
> Another thing you can do is make a hard link in another directory. That
> way if you delete it in one directory, it’s still around in the other.
>
>
JoergJaeger;
The “sticky bit” (t or 1000 octal) when set on a directory will permit only
the owner or super user the right to remove files in the directory. If
you create your files as a different user and give yourself access only via
group ( or other) permissions, then you should not be able to remove the file
when the sticky bit is set on the directory. This can cause a problem with
some office software that updates a file by creating a new copy of a file and
then deleting the old version.
For an example see:
http://osr507doc.sco.com/en/OSAdminG/ssC.stickydirs.html
–
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
If they are all videos, pictures and songs, you could store them as blobs in a mysql database and then use the mysql access controls.
So what would be the easiest or the most useful solution?
It seems or looks like that once i say that i restrict write access, i can’t add anymore to the folder.
So i do have to do it with a different user.
How would i be able to make the system ask me if i want to access the file or folder for adding items.
I tried to make everything to root which had the effect that no one was able to delete or write into it. But i did not got a request from the system if i wanted to. It just simply denied it.
I did it with sticky bit.
But i noticed that it applies only to the old files i assume.
If i copy something into it, the permissions are not changed. Do i need to redo it for every file?
I did it like this.
chmod u+t /folder and then umask 077 /folder
On Tue May 17 2011 04:06 pm, JoergJaeger wrote:
>
> I did it with sticky bit.
> But i noticed that it applies only to the old files i assume.
> If i copy something into it, the permissions are not changed. Do i need
> to redo it for every file?
>
> I did it like this.
>
> chmod u+t /folder and then umask 077 /folder
>
>
JoergJaeger;
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
The one thing that doesn’t click for me is that my user still can do everything.
My hope was, that everyone can add files to it and these in turn get automatically the privileges attached. The only thing that would not be possible for anyone is, to delete files and alter files.
Its tricky and i am not sure if that is even possible what i am asking.
btw. the folder and files do have the sticky set. Just any new file copied in to the folder does not for some reason.
Sticky bit on files has no effect. It used to hint whether an executable image in memory was held in swap in old Unixes, but I think Linux hasn’t bothered with using that hint.