Originally Posted by
CharlesA
Good point. Doesn't the sticky bit only prevent deletion from anyone except the owner?
In the post above (#6) I have a link to a page that describes what suid, sgid and sticky bits are.
From the chmod man page
Code:
RESTRICTED DELETION FLAG OR STICKY BIT
The restricted deletion flag or sticky bit is a single bit, whose
interpretation depends on the file type. For directories, it prevents
unprivileged users from removing or renaming a file in the directory
unless they own the file or the directory; this is called the
restricted deletion flag for the directory, and is commonly found on
world-writable directories like /tmp.
At the present time the sticky bit is not used for files. In the past it held files in RAM, hence the sticky in "sticky bit".
Edit: To cap this all off -- If you create a file structure that has these 3 things: a. A directory with the sticky bit set on. b. The group forced (sgid) to one that is NOT a group with the samba users in it (i.e. webadmin) and c. The file permissions set read and write to the file, those users will be able to read and write to that file, but not delete the file.
The directory should be set to 3775 and the files to 0664. If you want to set this recursively you need to use chmod with symbolic bits, like this
Code:
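# +t adds the sticky bit; "a=t" would clear the rwx bits set by the earlier clauses.
# o=rX gives others r-x on directories (the 5 in 3775) and r-- on non-executable files.
sudo chmod -R u=rwX,g=rwX,o=rX,+t "$somedir"
Hint: the large X sets eXecute only on the directories.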
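Because the target modes differ for directories (3775) and files (0664), one way to apply and then check them is with find, which can treat the two types separately. This is an added example, not part of the original post; the function names are hypothetical and the optional group argument stands in for a group such as webadmin.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the post.
# Usage after sourcing: apply_share_modes /srv/share webadmin
#                       audit_share_modes /srv/share

# Set every directory under $1 to 3775 (setgid + sticky + rwxrwxr-x)
# and every regular file to 0664. If $2 is given, the tree is first
# handed to that group so the setgid bit forces it on new files.
apply_share_modes() {
    root=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp -R -- "$group" "$root" || return 1
    fi
    # find does not follow symlinks by default, so links that point
    # outside the share are not touched.
    find "$root" -type d -exec chmod 3775 {} + || return 1
    find "$root" -type f -exec chmod 0664 {} + || return 1
}

# Print every directory that is not exactly 3775 and every regular
# file that is not exactly 0664. Empty output means the tree matches.
audit_share_modes() {
    root=$1
    find "$root" -type d ! -perm 3775 -print
    find "$root" -type f ! -perm 0664 -print
}
```

Run the audit again after users have been working in the share: a directory created through a client that ignores the inherited mode will show up in its output.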