Dan Widyono on 20 Sep 2004 11:49:02 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Setting directory permissions and umask


If appropriate for your setting, set the sticky bit.  This prevents people
from deleting stuff not owned by them.  Set a cron job (or something) which
chown's everything inside the parent directory.  They can create stuff, which
will soon be chown'ed, and modify stuff already there that doesn't require
deleting, but can't delete any freshly chown'ed files.  This has a built-in
race condition of course, but this may be "good enough".

In my experience the traditional solution for e.g. FTP servers is to have an
upload directory which itself is a subdirectory of some parent directory.
You can then move things manually (or through some automated system based on
something you've worked out, e.g. name the files "excelsior.iolist.c" which
gets moved to the excelsior subdirectory).  This way only the upload
directory has write perms for the group.

Dan W.

On Sun, Sep 19, 2004 at 09:51:52PM -0400, Stephen Gran wrote:
> there.  The problem is that while I want them to be able to upload, I
> don't want them to be able to delete them.

> parent directory (mode 0770)(plus setgid, so I guess really 2770 or so?)

Plus sticky bit == 3770, I believe (man page to confirm).

-- 
-- Daniel Widyono             --
-- www.widyono.net            --
-- www.cis.upenn.edu/~widyono --
-- 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug