[lug] Permissions: Guard Directories but allow File changes
David L. Anselmi
anselmi at anselmi.us
Tue Feb 3 22:52:39 MST 2009
Lee Woodworth wrote:
> Gordon Golding wrote:
>
>> I have someone (an OTHER person) who I want to be able to change files
>> in every sub-/directory, but I want to protect the directories
>> themselves.
>
> Not exactly clear on what you are asking.
[...]
> The result of this is that anyone can modify the files in the
> directory tree, but they can't rename or change permissions on files,
> or create/delete files or directories in the tree.
If this is what you want you're set. If you want the users to be able
to create/delete files but not directories, that can't be done with
POSIX permissions.
The reason is that create/delete/rename are operations on a directory
(controlled by the directory permissions), not on a file. Within a
directory files and directories are identical so it isn't possible to
have different permissions for them.
SELinux may have a mechanism to do what POSIX can't.
Dave
More information about the LUG
mailing list