Right now, there is a mounted NFS storage on a RHEL server at the following location:
So I had to request read, write, delete permissions inside Data directory from the server admin.
After getting the permissions, I created three folders, viz. dev, prod and test, inside the Data folder.
So I am the owner of dev, prod and test folders. The way I would like to modify the permissions is as follows:
Scenario 1) No one inside the prod and test folders should be able to delete a file or folder, including me.
Scenario 2) We should be able to delete files and folders inside the dev directory.
1) For scenario 1, I think I should be able to change the permission for others to read and write inside the prod and test folders since I'm the owner. But what about me? Do I need to ask the server admin to take control of the permissions so that everyone inside the prod and test folders has the same permissions, including me?
You should be able to set your own permissions on that folder including for yourself. Full permission for yourself and read for group only would be 740 (if I haven't got my arithmetic totally up the creek). But what is that about restricting deletion? My write permission on my /home/critchie directory appears on Nautilus/caja as “create/delete files and folders”, so I am not sure how you are going to get create permission without delete. You might need to restrict permissions for everybody and change your own permission temporarily.
I don't think there's a way to prevent the owner of a file from deleting their own file, other than taking away their write permission on the directory the file is in. Of course, this prevents the owner from adding new files to the directory, but if you're not concerned about that you can use this strategy.
To prevent users from deleting files or folders that belong to other users, just set the sticky flag on the directory with +t.
You might have more fine-grained control if you use ACLs or SELinux policies, but I don't have any experience with them, so I can't help you with them.
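The two strategies from the reply above (no write bit on prod and test, sticky bit on dev), as an added example that is not part of the original thread. The temp-dir layout, the function names and the 1775/0555 modes are assumptions chosen for illustration, and GNU `stat` is assumed, as on RHEL.

```shell
#!/bin/sh
# Added example. Paths are a constructed layout under a temp dir,
# not the poster's real NFS mount. Assumes GNU coreutils stat.

# Create Data/{dev,prod,test} under $1 and apply the modes discussed above.
setup_layout() {
    mkdir -p "$1/Data/dev" "$1/Data/prod" "$1/Data/test"
    # dev: owner and group may create and delete; the sticky bit limits
    # deletion to each entry's owner (plus the directory owner and root).
    chmod 1775 "$1/Data/dev"
    # prod, test: no write bit for anyone, so nobody (owner included) can
    # delete or create entries. Root is not restricted by mode bits.
    chmod 0555 "$1/Data/prod" "$1/Data/test"
}

# Report, from the directory's mode bits alone, which classes can unlink
# entries. Unlinking needs write+execute on the directory itself; the
# mode of the file being deleted is not consulted.
deletion_policy() (
    mode=$(stat -c '%a' "$1") || exit 1
    m=$((0$mode))    # read the octal mode string as a number
    yn() { [ $(( $m & $1 )) -eq $(( $1 )) ] && echo yes || echo no; }
    echo "owner=$(yn 0300) group=$(yn 0030) other=$(yn 0003) sticky=$(yn 01000)"
)

# Demo on a throwaway directory.
demo=$(mktemp -d)
setup_layout "$demo"
for d in dev prod test; do
    printf '%-5s %s\n' "$d" "$(deletion_policy "$demo/Data/$d")"
done
rm -rf "$demo"
```

The owner of prod or test can still run `chmod u+w` to get write access back, which matches the suggestion earlier in the thread to change your own permission temporarily.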
Stephan van Hulst wrote: I don't think there's a way to prevent the owner of a file from deleting their own file, other than taking away their write permission on the directory the file is in.
In straight Linux, I'm pretty sure that being root even overrides root permission restrictions.
However, if selinux is switched on (default in the Red Hat/CentOS/Fedora distros), then that's not a safe assumption, since one of the reasons that selinux was inflicted on an unwary world was to curb root's power.
I should note that there are also very specific selinux settings governing stuff shared via NFS, so it's a good idea to check the sebool options in effect.
Some people, when well-known sources tell them that fire will burn them, don't put their hands in the fire.
Some people, being skeptical, will put their hands in the fire, get burned, and learn not to put their hands in the fire.
And some people, believing that they know better than well-known sources, will claim it's a lie, put their hands in the fire, and continue to scream it's a lie even as their hands burn down to charred stumps.