
Thread: ACLs - modify only ?

  1. #1
    Join Date
    Mar 2007
    Beans
    112
    Distro
    Ubuntu 18.04 Bionic Beaver

    ACLs - modify only ?

    Hi all,

    I'm trying to fine tune user permissions with my data files. In addition to UGO, I have enabled acl in fstab, but I may be missing something as I cannot yet achieve what I want.

    What I'm trying to do :
    In a folder /Data, I would like to allow all group members to create, read and modify files. At the same time, I would like to allow only user1 and user2 to delete files.

    So far : I've tried setting the sticky bit to /Data - this does indeed restrict delete perms to the file owner (say user1). I've tried using acl to add user2 with rwx perms both on /Data and a test file within - but no success.

    Can somebody help me out?

    Thanks,
    Egg
    Last edited by MrEgg; February 16th, 2010 at 05:41 PM. Reason: Trying to add clarity to my question

  2. #2
    Join Date
    Mar 2007
    Beans
    112
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ACLs - modify only ?

    Update :

    I am now able to allow only 2 users to delete files from a folder :
    • sticky bit set for the folder
    • user1 : owner of the folder
    • user2 : owner of the files within the folder


    It says in linux.org that :
    If the sticky bit is set on a directory, then a user may only delete files that he owns or for which he has explicit write permission granted, even when he has write access to the directory.
    What if I now want to give user3 the same delete privileges as those of user1 and user2 ?

    How do you explicitly grant write permissions to a user, other than making her the directory owner or the file owner ?

    Thanks,
    Egg

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: ACLs - modify only ?

    Try these links :

    http://ubuntuforums.org/showthread.php?t=145741

    This link is a nice discussion, see post #9 for ACL.

    GUI tool : Eiciel

    http://linuxpoison.blogspot.com/2008...or-eiciel.html
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Mar 2007
    Beans
    112
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ACLs - modify only ?

    Thanks for your reply and for pointing out Eiciel, which I had tried. It's nice to have a graphical tool, but I haven't seen any added value over setfacl and getfacl (aside from the gui of course).

    My main concern unfortunately remains: How can I prevent users from deleting files from a specified folder, while at the same time allowing them to create new files and modify existing ones? And how can I then elect specific users with the delete permission?

    To my understanding - please correct me if I'm wrong - ACL (and UGO for that matter) does not make any difference between write and delete : if a user has the w permission at directory level, he will be able to delete any file within that directory, regardless of ownership - unless the sticky bit is set.

    So, what I've done so far, to complete post #2, is to write a script which is run periodically (preferably at night, when users are no longer logged in), in which users lose file ownership to user2, and lose subdirectory ownership to user1. That way, user2 and user1 are the only users able to delete files within the /Data structure. At the same time, the files' perms remain 660 and the subdirectories 770.

    My little scheme works for now, and today I'm happy. But what if later on I need to add a user3 with the same delete permission - what do I do then?

    I have tried granting user3 write perms with
    Code:
    setfacl -m u:user3:rw testfile.txt
    but it didn't seem to work.

    I know, I know, I'm asking for much... but with Linux everything always seems possible - it has totally spoiled me into always wanting more
    Last edited by MrEgg; February 16th, 2010 at 06:23 PM.

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: ACLs - modify only ?

    As far as I know, if you can write the file you can delete it. I am not aware of any method to separate these privileges beyond what you are doing.
    #ubuntuforums web interface
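
The rule this thread circles around, modelled as an added example (not code from any poster): on Linux, unlink is decided by write and search permission on the containing directory plus, when the sticky bit is set, ownership of the file or of the directory; the file's own mode and ACL are never consulted. The uids, the gid and the helper names are hypothetical, and only mode bits are evaluated (a directory ACL entry would feed the same first check).

```python
import os
import stat

def dir_write_search(uid, gids, d_mode, d_uid, d_gid):
    """Owner/group/other check for w+x on the parent directory (mode bits only)."""
    if uid == d_uid:
        bits = d_mode >> 6
    elif d_gid in gids:
        bits = d_mode >> 3
    else:
        bits = d_mode
    return bits & 0o3 == 0o3  # need both write (2) and search (1)

def can_delete(uid, gids, d_mode, d_uid, d_gid, f_uid):
    """Would unlink() succeed? The file's own mode and ACL are not inputs."""
    if uid == 0:
        return True  # simplification: root holds the overriding capabilities
    if not dir_write_search(uid, gids, d_mode, d_uid, d_gid):
        return False
    if d_mode & stat.S_ISVTX:
        # Sticky directory: only the file owner or the directory owner.
        return uid in (f_uid, d_uid)
    return True

def can_delete_path(uid, gids, path):
    """Same decision for a real file, reading owners and mode from disk."""
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    f = os.lstat(path)
    return can_delete(uid, gids, d.st_mode, d.st_uid, d.st_gid, f.st_uid)

# Constructed layout from the thread: user1 owns /Data, user2 owns the files.
USERS = {"user1": 1001, "user2": 1002, "user3": 1003}  # hypothetical uids
DATA_GID = 2000                                         # hypothetical group

def deleters(d_mode):
    """Names of group members able to delete a user2-owned file in /Data."""
    return [n for n, u in USERS.items()
            if can_delete(u, {DATA_GID}, d_mode, USERS["user1"], DATA_GID, USERS["user2"])]

if __name__ == "__main__":
    print("1770:", deleters(0o1770))  # sticky bit set
    print("0770:", deleters(0o0770))  # sticky bit cleared
```

Because `can_delete` takes no file mode or file ACL argument, it shows why `setfacl -m u:user3:rw testfile.txt` leaves user3's ability to delete unchanged.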
