Hello there, I have the following problem. I need a user not to be able to delete (rm -rf) a dir inside his home directory (a dir which is owned by him). The sticky bit is supposed to do just that... and it does, in every part of the file system but in his home. Same goes for ACLs (setfacl -m u:user:rx dir): an rm -rf inside his directory will render the ACLs useless. Is there any workaround against that?
On Mon, 02 Jun 2008 00:37:43 +0300 "lucian@lastdot.org" lucian@lastdot.org wrote:
Is there any workaround against that?
Use chattr to set it as an immutable file.
On Sun, 01 Jun 2008 15:45:21 -0600 Frank Cox theatre@sasktel.net wrote:
Use chattr to set it as an immutable file.
Ah.. yes, I forgot about that. Chattr is not an option (I need to automate some dir deletions and I can't do that, not even as root, if I use chattr). All I need is to get ACLs working the way they should (and prevent rm -rf). Thanks for your reply.
lucian@lastdot.org wrote:
Ah.. yes, I forgot about that. Chattr is not an option (I need to automate some dir deletions and I can't do that, not even as root, if I use chattr). All I need is to get ACLs working the way they should (and prevent rm -rf). Thanks for your reply.
What if you set the group access to root, i.e. username.root? E.g. SGID http://www.linuxquestions.org/questions/linux-general-1/what-is-sticky-bit-m...
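The sticky-bit behaviour described in the first post, as an added example that is not part of the original thread: in a sticky directory an entry can still be removed by its own owner, by the directory's owner, or by root, so a user who owns both his home and the subdirectory is never restricted. The function names are hypothetical, the directory is a constructed temporary one, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added illustration; not code from the thread. Assumes GNU coreutils stat.

# sticky_blocks UID PARENT TARGET
# Returns 0 (true) if the sticky bit on PARENT stops UID from removing TARGET.
# Rule: in a sticky directory an entry may be removed only by the entry's
# owner, the directory's owner, or root.
sticky_blocks() {
    sb_uid=$1; sb_parent=$2; sb_target=$3
    [ -k "$sb_parent" ] || return 1                              # no sticky bit set
    [ "$sb_uid" -eq 0 ] && return 1                              # root bypasses it
    [ "$sb_uid" -eq "$(stat -c %u "$sb_target")" ] && return 1   # owns the entry
    [ "$sb_uid" -eq "$(stat -c %u "$sb_parent")" ] && return 1   # owns the directory
    return 0
}

# Build a constructed "home" with the sticky bit and a non-empty subdirectory,
# both owned by whoever runs the script, and print its path.
make_home() {
    mh_home=$(mktemp -d) || return 1
    chmod 1755 "$mh_home"
    mkdir "$mh_home/keep" && : > "$mh_home/keep/file"
    printf '%s\n' "$mh_home"
}

# Evaluate the rule for the owner and for an unrelated uid, then confirm
# with a real rm -rf run as the owner.
demo() {
    d_home=$(make_home) || return 1
    d_me=$(id -u); d_other=$((d_me + 1))
    for d_uid in "$d_me" "$d_other"; do
        if sticky_blocks "$d_uid" "$d_home" "$d_home/keep"; then
            echo "uid $d_uid: blocked by sticky bit"
        else
            echo "uid $d_uid: not blocked by sticky bit"
        fi
    done
    rm -rf "$d_home/keep"
    if [ -e "$d_home/keep" ]; then echo "keep survived"; else echo "keep removed by owner"; fi
    rm -rf "$d_home"
}

demo
```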