On 06/09/2017 03:02 AM, Carlos E. R. wrote:
On 2017-06-09 00:32, Bernhard Voelker wrote:
On 06/08/2017 07:58 PM, Carlos E. R. wrote:
You could change the directory permissions to 1777 (as '/tmp'), so only the owner of a file may delete it (or root, of course).
Sticky bit to the directory?
The question is, how - i.e., by whom - files are added. If you add all files with uid:gid = 'cer-g:root', and the containing directory is also owned by that user and has the permissions 0755, then user "cer" won't be able to remove the files either. Then no special bits are necessary.
No, user "cer" owns the directory and creates the files. Later on, I manually change (chown) finished files to "cer-g" with the idea that they are not altered by accident.
So, now the directory is sticky, owned by cer, and still 'mc' deletes files owned by cer-g without question.
If you manually chown the file later, you need to do this as root anyway. So you could just chown the directory to root. After that, the 1777 permission on the directory would prevent the user 'cer' from removing files owned by 'cer-g'. This is exactly like /tmp: just try to remove a file owned by someone else (and with a non-root user, of course).

Have a nice day,
Berny
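The deletion rule behind this exchange, as an added example that is not part of the original thread: a Python model of the unlink(2) permission check, run over the three directory setups discussed above. The numeric uids/gids for 'cer' and 'cer-g' are constructed, and the model assumes a local filesystem without ACLs, immutable attributes or extra capabilities.

```python
import os
import stat

def may_unlink(uid, gids, dir_uid, dir_gid, dir_mode, file_uid):
    """Model of the unlink(2) check: may `uid` remove a file owned by `file_uid`?"""
    if uid == 0:
        return True  # root bypasses both the mode bits and the sticky rule
    # Exactly one permission class of the directory applies to the caller.
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7
    else:
        bits = dir_mode & 7
    # Removing a directory entry needs write and search (w+x) on the directory.
    if bits & 3 != 3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may remove.
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True

def may_unlink_path(path, uid, gids):
    """Same check for a real file: stat its parent directory, lstat the file."""
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    f = os.lstat(path)
    return may_unlink(uid, gids, d.st_uid, d.st_gid,
                      stat.S_IMODE(d.st_mode), f.st_uid)

# Constructed ids for the accounts named in the thread (assumptions).
CER, CER_G, ROOT = 1000, 1001, 0
CER_GROUPS = {100}

if __name__ == "__main__":
    cases = [
        ("dir cer:users 1777, file cer-g (sticky, but cer owns the dir)",
         (CER, CER_GROUPS, CER, 100, 0o1777, CER_G)),
        ("dir root:root 1777, file cer-g (like /tmp)",
         (CER, CER_GROUPS, ROOT, 0, 0o1777, CER_G)),
        ("dir cer-g:root 0755, file cer-g (no write bit for cer)",
         (CER, CER_GROUPS, CER_G, 0, 0o755, CER_G)),
    ]
    for label, args in cases:
        print(f"{label}: cer may delete = {may_unlink(*args)}")
```

The first case shows why 'mc' still deleted the files: the sticky bit never restricts the owner of the directory itself.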