I know there is the +i flag for files and directories, but I have a deeper problem.

Is there a way to prevent a folder from being deleted by a user who should be able to create / access / remove files and folders INSIDE the delete-protected folder?

The sudo chattr +i testfolder flag won't help, because then a user can only read files, but not create or delete them.

The sudo chattr +a testfolder flag won't help either, because then a user can write and read files, but can only append to files and can't remove them.

I need a solution where a user is able to write, access and remove files but can't delete the root/parent folder.

fechnert

1 Answer

This is basically what the /tmp folder is for. So just set the permissions the same as /tmp:

chmod --reference=/tmp testfolder

The testfolder should be owned by a different user (e.g. root). The user will be able to wrx files and folders under testfolder, but will not be able to remove or modify the testfolder.

For example:

[root@host ~]# mkdir /test
[root@host ~]# chmod --reference=/tmp /test
[root@host ~]# ls -ld /test
drwxrwxrwt 2 root root 4096 Feb 15 09:33 /test/
[root@host ~]# su - user
[user@host ~]$ mkdir /test/foo
[user@host ~]$ rm -fr /test
rm: cannot remove `/test': Permission denied

As you can see, user can create files and dirs under /test, but is not allowed to remove it.

gogators
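
An audit of the /tmp-style setup from the answer above, as an added example that is not part of the original post. It goes one step further than the answer by also checking the parent directory, since removing or renaming testfolder itself is decided by write access to its parent. It assumes GNU coreutils `stat -c`; `check_shared_dir` and `other_writable` are hypothetical names, and only the "other" permission class is inspected.

```shell
#!/bin/sh
# Added example (not from the answer): audit a directory that is meant to
# behave like /tmp for one user. Assumes GNU coreutils `stat -c`;
# check_shared_dir and other_writable are hypothetical names.

# True if the "other" permission class has write access (last octal digit & 2).
other_writable() {
    m=$(stat -c '%a' "$1")
    last=${m#"${m%?}"}
    [ $(( $last & 2 )) -ne 0 ]
}

# usage: check_shared_dir DIR NUMERIC_UID
# Returns 0 if DIR matches the /tmp-style setup for that user, 1 otherwise.
check_shared_dir() {
    dir=$1 uid=$2 rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    parent=$(dirname -- "$dir")

    # Sticky bit: an entry can be removed only by its owner, the directory
    # owner, or root.
    if [ -k "$dir" ]; then echo "ok:   sticky bit set on $dir"
    else echo "FAIL: sticky bit missing on $dir"; rc=1; fi

    # Writable by others, like /tmp, so the user can create entries.
    if other_writable "$dir"; then echo "ok:   $dir is writable by others"
    else echo "FAIL: $dir is not writable by others"; rc=1; fi

    # The directory owner can chmod it and is exempt from the sticky rule.
    if [ "$(stat -c '%u' "$dir")" != "$uid" ]; then
        echo "ok:   $dir is not owned by uid $uid"
    else echo "FAIL: $dir is owned by uid $uid"; rc=1; fi

    # rmdir/mv of DIR itself is decided by write access to its parent.
    if other_writable "$parent" && [ ! -k "$parent" ]; then
        echo "FAIL: $parent is world-writable without a sticky bit"; rc=1
    else echo "ok:   $parent does not let others unlink $dir"; fi
    return $rc
}
```

Run it as `check_shared_dir /test "$(id -u user)"`; a non-zero exit status means at least one of the four conditions does not hold.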