Mailinglist Archive: opensuse (1264 mails)

< Previous Next >
Re: [opensuse] File delete permissions.
  • From: "Carlos E. R." <robin.listas@xxxxxxxxx>
  • Date: Wed, 14 Jun 2017 12:47:22 +0200 (CEST)
  • Message-id: <nycvar.YFH.7.76.1706141244280.30027@Grypbagne.inyvabe>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Delayed mail. I had to resend it, my ISP is playing tricks on me.

On Friday, 2017-06-09 at 12:11 +0200, Bernhard Voelker wrote:

On 06/09/2017 03:02 AM, Carlos E. R. wrote:
On 2017-06-09 00:32, Bernhard Voelker wrote:
On 06/08/2017 07:58 PM, Carlos E. R. wrote:


No, user "cer" owns the directory and creates the files. Later on, I
manually change (chown) finished files to "cer-g" with the idea that
they are not altered by accident.

So, now the directory is sticky, owned by cer, and still 'mc' deletes
files owned by cer-g without question.

If you manually chown the file later, you need to do this as root anyway.
So you could just chown the directory to root. After that, the 1777 permission
on the directory would prevent the user 'cer' from removing files owned by
'cer-g'.

This is exactly like /tmp: just try to remove a file owned by someone else
(and with a non-root user, of course).


Must the directory be owned by root for this to work?

I don't like giving the directory to root and 'w' access to others.

Ah! Ok, the directory has to be owned by cer-g, not cer. Now it works



er@Isengard:~/Fusion/Videos/Crossing Jordan/Temporada 2> l
total 8041540
drwxrwxr-t 2 cer-g cer 4096 Jun 9 20:07 ./
drwxr-xr-x 4 cer users 56 Jun 8 20:00 ../
- -rw-r--r-- 1 cer-g cer 0 Jun 9 20:07 m.mpeg
- -rw-r--r-- 1 cer users 0 Jun 9 19:55 p.mpeg
cer@Isengard:~/Fusion/Videos/Crossing Jordan/Temporada 2>

Now 'mc' refuses to delete m.mpeg


So the solution is:

Change the permissions of the Videos directory tree with a script:

#!/bin/bash
find /home/cer/Fusion/Videos/ -type d -exec chmod u+r+w+x,g+w+x,o+r-w-x,+t '{}' \;
find /home/cer/Fusion/Videos/ -type d -exec sudo chown cer-g:cer '{}' \;


Create a context menu on 'mc' so that I can switch ownership of
individual or multiple files:

+ t t
v chown tagged files to cer-g
for i in %t
do
sudo chown cer-g:cer "$i"
done

+ t t
V chown tagged files to cer
for i in %t
do
sudo chown cer:cer "$i"
done

+ ! t t
v chown current file to cer-g
sudo chown cer-g:cer "%f"

+ ! t t
V chown current file to cer
sudo chown cer:cer "%f"



The advantage to using attribute 'i' is that I can visually see which
files are "protected". Ok, not really protected, but suffices, I think.
I may create a script to also change the 'i' attribute of files owned by
cer-g.


- -- Cheers,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAllBFEIACgkQtTMYHG2NR9WWzwCeKpGKgvNsVTE1gtsZdnQGe+xm
l0EAnAww9lRIe3AnKJ9T+5HPtLcsEAKu
=RKGZ
-----END PGP SIGNATURE-----

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >