Hello All!
I want to restrict users from deleting _one_ file from their own home directory.
Is it possible on UFS ?
----------------- cUT here ------------------------
/export/home/User2$ ls -l anyfile
-rwxr-xr-x 1 root root 53 Aug 2 11:17 anyfile
/export/home/User2$ whoami
User2
/export/home/User2$ rm anyfile
rm: anyfile: override protection 755 (yes/no)?
----------------- cUT here ------------------------
WBR, Andrei.
Pro395 (2), 8/3/2004 3:21:06 PM
In article <2n9os4Fug3bcU1@uni-berlin.de>, Pro <Pro@example.net> wrote:
> Hello All!
>
> I want to restrict users from deleting _one_ file from their own home directory.
> Is it possible on UFS ?
>
> ----------------- cUT here ------------------------
> /export/home/User2$ ls -l anyfile
> -rwxr-xr-x 1 root root 53 Aug 2 11:17 anyfile
> /export/home/User2$ whoami
> User2
> /export/home/User2$ rm anyfile
> rm: anyfile: override protection 755 (yes/no)?
> ----------------- cUT here ------------------------
>
> WBR, Andrei.
If they own the directory, they can write to it. Therefore, they can
delete files from it. It's unclear what you want to do from your
description and example as they seem to contradict each other. If you
want to restrict a user from deleting a file that's in their home
directory, then that user can't be the owner of the file.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
Michael, 8/3/2004 6:37:09 PM
"Michael Vilain <vilain@spamcop.net>" wrote:
> In article <2n9os4Fug3bcU1@uni-berlin.de>, Pro <Pro@example.net> wrote:
>
>
>>Hello All!
>>
>>I want to restrict users from deleting _one_ file from their own home directory.
>>Is it possible on UFS ?
>>
>>----------------- cUT here ------------------------
>>/export/home/User2$ ls -l anyfile
>>-rwxr-xr-x 1 root root 53 Aug 2 11:17 anyfile
>>/export/home/User2$ whoami
>>User2
>>/export/home/User2$ rm anyfile
>>rm: anyfile: override protection 755 (yes/no)?
>>----------------- cUT here ------------------------
>>
>>WBR, Andrei.
>
>
> If they own the directory, they can write to it. Therefore, they can
> delete files from it. It's unclear what you want to do from your
> description and example as they seem to contradict each other. If you
> want to restrict a user from deleting a file that's in their home
> directory, then that user can't be the owner of the file.
I want to restrict a user from deleting a file from HIS home directory. But
because the user is the owner of his home directory, he could delete files even
if the file owner is root.
But maybe there is a way to restrict file deletion in such conditions?
Pro, 8/4/2004 6:15:24 AM
In article <2nbd7tFt4tuuU1@uni-berlin.de>, Pro <Pro@example.net> wrote:
> "Michael Vilain <vilain@spamcop.net>" wrote:
> > In article <2n9os4Fug3bcU1@uni-berlin.de>, Pro <Pro@example.net> wrote:
> >
> >
> >>Hello All!
> >>
> >>I want to restrict users from deleting _one_ file from their own home directory.
> >>Is it possible on UFS ?
> >>
> >>----------------- cUT here ------------------------
> >>/export/home/User2$ ls -l anyfile
> >>-rwxr-xr-x 1 root root 53 Aug 2 11:17 anyfile
> >>/export/home/User2$ whoami
> >>User2
> >>/export/home/User2$ rm anyfile
> >>rm: anyfile: override protection 755 (yes/no)?
> >>----------------- cUT here ------------------------
> >>
> >>WBR, Andrei.
> >
> >
> > If they own the directory, they can write to it. Therefore, they can
> > delete files from it. It's unclear what you want to do from your
> > description and example as they seem to contradict each other. If you
> > want to restrict a user from deleting a file that's in their home
> > directory, then that user can't be the owner of the file.
> I want to restrict a user from deleting a file from HIS home directory. But
> because the user is the owner of his home directory, he could delete files even
> if the file owner is root.
> But maybe there is a way to restrict file deletion in such conditions?
No, AFAIK, there isn't. If you take backups, this won't be a problem.
Any user stupid enough to delete their own directory should have their
expectations set to limit how much work they've actually lost (e.g.
what's your backup cycle).
"It's impossible to make something foolproof because fools are so
ingenious"
--
DeeDee, don't press that button! DeeDee! NO! Dee...
Michael, 8/4/2004 8:17:46 AM
Pro <Pro@example.net> wrote in message news:<2n9os4Fug3bcU1@uni-berlin.de>...
> Hello All!
>
> I want to restrict users from deleting _one_ file from their own home directory.
> Is it possible on UFS ?
>
Hello,
If the user owns the directory I don't know how you could stop the
user from deleting a file within the directory regardless of the
file's ownership and permissions. In fact I think you cannot.
Two possible solutions for your problem:
1) - modify the ownership of the home directory - for example make root the
     owner
   - set the sticky bit on the directory (see sticky(5) for details)
   - allow the user full permissions to the home directory - either through
     the group permissions (maybe with user private group) or with ACLs
     (see setfacl(1))
   - create the file in the home directory with an owner different than
     the user
2) - create a directory owned by root in the user's home directory - say
     rootdir; give only read/execute permissions on rootdir for the user
   - create your file in this directory
In this second variant the file is not directly under the home dir but
maybe this isn't so important for you.
I didn't actually test these but think they should work.
Vlad Grama.
vgrama, 8/4/2004 11:56:27 AM
In article <7f6f1725.0408040356.18de8d54@posting.google.com>,
Vlad Grama <vgrama@gmail.com> wrote:
[...]
>Two possible solutions for your problem:
[...]
>2) - create a directory owned by root in the user's home directory - say
> rootdir; give only read/execute permissions on rootdir for the user
> - create your file in this directory
This doesn't stop the user doing
mv rootdir i_do_not_want_rootdir
As long as the .. link doesn't change, rename(2) does not need access to
the directory being renamed.
Chris Thompson
Email: cet1 [at] cam.ac.uk
cet1, 8/4/2004 8:24:39 PM
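Added example (not part of any post in this thread): a small Python model of the unlink/rename permission check the replies rely on, evaluated against the original layout and both proposed layouts. It assumes traditional mode bits only (no ACLs) and the sticky-directory rule as documented in sticky(5); the uid/gid numbers and the Node type are constructed for illustration.

```python
import stat
from collections import namedtuple

# Stand-in for the stat fields the check reads (constructed values, not read from disk).
Node = namedtuple("Node", "uid gid mode")

def has_perm(uid, gids, node, want):
    """Owner/group/other test for permission bits `want` (2 = write, 3 = write+search)."""
    if uid == 0:
        return True
    shift = 6 if uid == node.uid else 3 if node.gid in gids else 0
    return (node.mode >> shift) & want == want

def may_remove_entry(uid, gids, parent, entry):
    """Can this user unlink `entry` from `parent`, or rename it within `parent`?"""
    # Both operations rewrite the parent directory; the entry's own mode only
    # matters once the parent carries the sticky bit.
    if not has_perm(uid, gids, parent, 0o3):
        return False
    if not parent.mode & stat.S_ISVTX:
        return True
    # sticky(5): allowed only for the entry's owner, the directory's owner,
    # a user who can write the entry, or a privileged user.
    return uid in (0, entry.uid, parent.uid) or has_perm(uid, gids, entry, 0o2)

def scenarios():
    """Evaluate the layouts discussed in the thread for a constructed User2."""
    uid, gids = 1002, {1002}                      # hypothetical uid and private group
    root_file = Node(0, 0, 0o755)                 # -rwxr-xr-x root root anyfile
    own_home = Node(uid, 1002, 0o755)             # home owned by User2
    sticky_home = Node(0, 1002, 0o1770)           # option 1: root-owned, group rwx, sticky
    rootdir = Node(0, 0, 0o755)                   # option 2: root-owned subdirectory
    return {
        "original: anyfile in user-owned home": may_remove_entry(uid, gids, own_home, root_file),
        "option 1: anyfile in sticky root-owned home": may_remove_entry(uid, gids, sticky_home, root_file),
        "option 1: user's own file in that home": may_remove_entry(uid, gids, sticky_home, Node(uid, 1002, 0o644)),
        "option 2: anyfile inside rootdir": may_remove_entry(uid, gids, rootdir, root_file),
        "option 2: rename rootdir itself": may_remove_entry(uid, gids, own_home, rootdir),
    }

if __name__ == "__main__":
    for label, allowed in scenarios().items():
        print(f"{'ALLOWED' if allowed else 'denied ':8} {label}")
```

The last scenario is the rename(2) caveat raised above: the file inside rootdir is protected, but rootdir is still an entry in a directory the user owns, so it can be renamed out of the way.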