Thanks for your reply and for pointing out Eiciel, which I had tried. It's nice to have a graphical tool, but I haven't seen any added value over setfacl and getfacl (aside from the GUI of course).
My main concern unfortunately remains: How can I prevent users from deleting files from a specified folder, while at the same time allowing them to create new files and modify existing ones? And how can I then elect specific users with the delete permission?
To my understanding - please correct me if I'm wrong - ACL (and UGO for that matter) does not make any difference between write and delete: if a user has the w permission at directory level, he will be able to delete any file within that directory, regardless of ownership - unless the sticky bit is set.
So, what I've done so far, to complete post #2, is to write a script which is run periodically (preferably at night, when users are no longer logged in), in which users lose file ownership to user2, and lose subdirectory ownership to user1. That way, user2 and user1 are the only users able to delete files within the /Data structure. At the same time, the files' perms remain 660 and the subdirectories 770.
My little scheme works for now, and today I'm happy. But what if later on I need to add a user3 with the same delete permission - what do I do then?
I have tried granting user3 write perms with
Code:
setfacl -m u:user3:rw testfile.txt
but it didn't seem to work.
I know, I know, I'm asking for much... but with Linux everything always seems possible - it has totally spoiled me into always wanting more.
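The deletion rule discussed in the post above, as an added example that is not part of the original post: a small Python model of the check applied when a file is unlinked, run against a temporary directory. It considers classic mode bits only (no ACL entries or capabilities), and the function names and the `other` uid are hypothetical.

```python
import os
import stat
import tempfile

def _class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid for inode st, mode bits only (no ACLs)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def may_unlink(path, uid, gids):
    """Model of whether uid (in groups gids) may delete path.

    The file's own mode is never consulted; its owner matters only
    when the parent directory has the sticky bit set.
    """
    if uid == 0:
        return True  # root bypasses these checks
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    target = os.lstat(path)
    # Deleting modifies the directory: needs write + search (w and x) on it.
    if _class_bits(parent, uid, gids) & 0o3 != 0o3:
        return False
    # Sticky directory: only the file owner or the directory owner may delete.
    if parent.st_mode & stat.S_ISVTX:
        return uid in (target.st_uid, parent.st_uid)
    return True

def demo():
    """Constructed sample: one file, one hypothetical group member who owns nothing."""
    with tempfile.TemporaryDirectory() as d:
        f = os.path.join(d, "testfile.txt")
        open(f, "w").close()
        os.chmod(f, 0o440)            # file itself is read-only for the group
        st = os.stat(d)
        owner, group = st.st_uid, st.st_gid
        other = owner + 1000          # hypothetical uid, member of the directory's group
        results = {}
        os.chmod(d, 0o770)            # group-writable directory, no sticky bit
        results["plain"] = may_unlink(f, other, {group})
        os.chmod(d, 0o1770)           # same directory with the sticky bit
        results["sticky_other"] = may_unlink(f, other, {group})
        results["sticky_owner"] = may_unlink(f, owner, {group})
        os.chmod(d, 0o750)            # group loses w on the directory
        results["no_dir_write"] = may_unlink(f, other, {group})
        os.chmod(d, 0o700)            # restore so cleanup succeeds
        return results
```

The `plain` case returns True even though the file is mode 440, which is why granting or withholding `rw` on the file itself does not change who can delete it.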