Mailinglist Archive: opensuse (1264 mails)

Re: [opensuse] File delete permissions.
On 06/09/2017 03:02 AM, Carlos E. R. wrote:
On 2017-06-09 00:32, Bernhard Voelker wrote:
On 06/08/2017 07:58 PM, Carlos E. R. wrote:


You could change the directory permissions to 1777 (as '/tmp'),
so only the owner of a file may delete it (or root, of course).

Sticky bit to the directory?


The question is, how - i.e., by whom - files are added.
If you add all files with uid:guid = 'cer-g:root', and the
containing directory is also owned by that user and has the
permissions 0755, then user "cer" won't be able to remove
the files either. Then no special bits are necessary.


No, user "cer" owns the directory and creates the files. Later on, I
manually change (chown) finished files to "cer-g" with the idea that
they are not altered by accident.

So, now the directory is sticky, owned by cer, and still 'mc' deletes
files owned by cer-g without question.

If you manually chown the file later, you need to do this as root anyway.
So you could just chown the directory to root. After that, the 1777 permission
on the directory would prevent the user 'cer' from removing files owned by
'cer-g'.

This is exactly like /tmp: just try to remove a file owned by someone else
(and with a non-root user, of course).

Have a nice day,
Berny
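
The deletion rule this thread turns on, modelled as an added example (not part of the original mail): with the sticky bit set, a file can still be removed by the directory's owner, which is why 'cer' keeps deleting 'cer-g' files until the directory belongs to root. The uids, gids and the `Node` type are constructed for illustration; ACLs, immutable attributes and capabilities other than plain root are ignored.

```python
import stat
from collections import namedtuple

# Stand-in for the os.stat() fields the check needs (constructed type).
Node = namedtuple("Node", "uid gid mode")

def can_write_search(d, uid, gids):
    """True if uid/gids hold both write and search (w+x) permission on directory d."""
    if uid == d.uid:
        bits = (d.mode >> 6) & 7      # owner class
    elif d.gid in gids:
        bits = (d.mode >> 3) & 7      # group class
    else:
        bits = d.mode & 7             # other class
    return bits & 3 == 3              # w (2) and x (1)

def may_unlink(directory, target, uid, gids=()):
    """Model of the rule for removing `target` from `directory`."""
    if uid == 0:
        return True                   # root bypasses both checks
    if not can_write_search(directory, uid, gids):
        return False
    if directory.mode & stat.S_ISVTX:
        # Sticky bit: only the file's owner OR the directory's owner may remove.
        return uid in (target.uid, directory.uid)
    return True

CER, CER_G, ROOT = 1000, 1001, 0      # constructed uids for 'cer', 'cer-g', root
finished = Node(uid=CER_G, gid=100, mode=0o100644)   # file chown'ed to cer-g

def thread_scenarios():
    """Each directory layout discussed in the thread -> may the user unlink the file?"""
    return {
        "cer, dir cer 0755": may_unlink(Node(CER, 100, 0o40755), finished, CER),
        "cer, dir cer 1777": may_unlink(Node(CER, 100, 0o41777), finished, CER),
        "cer, dir root 1777": may_unlink(Node(ROOT, 0, 0o41777), finished, CER),
        "cer, dir cer-g 0755": may_unlink(Node(CER_G, 0, 0o40755), finished, CER),
        "cer-g, dir root 1777": may_unlink(Node(ROOT, 0, 0o41777), finished, CER_G),
    }

if __name__ == "__main__":
    for layout, allowed in thread_scenarios().items():
        print(f"{layout:22} -> {'can delete' if allowed else 'denied'}")
```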

