Thread: upload but not delete permission

  1. #1
    Join Date
    Jul 2014
    Beans
    340

    Question upload but not delete permission

    Hi all,
    Our admin is on sick leave and I'm trying to help.
    I got a peculiar task: to give upload but not delete permission (it's vsftpd, if that matters, but the permission is for a regular Linux user). Obviously, the person who assigned this task is not a Linux user.

    I understand how to provide write permission:
    Code:
    setfacl -R -m u:user1:rwx /sftp/folder1
    But what in the world does "not delete" mean?

    Please advise.
    Last edited by marchello_lippi2; December 13th, 2019 at 01:17 AM.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: upload but not delete permission

    Really, using ACLs shouldn't be needed for 99.99999% of all permissions. The normal chmod method is sufficient with a little pre-thought. I've been a Unix admin for 25 yrs and have used ACLs 2 times in all those years.

    There aren't separate permissions for create and delete in Unix. For that, you need Novell Netware.

    Usually the way this is addressed is by allowing new files to be uploaded to a directory, but not allowing any users read access to that same directory. After the upload finishes, using something like inotify, the new file would be processed to ensure it isn't a virus or malware, then moved to a different directory where no users can remove it, but can read the safe file, if that is desired. I'd move the original upload file somewhere else completely so it could be archived and tagged with the upload userid should malware or a virus be traced back to that user later. It is important to have traceability.
    That's how I would handle this problem.

    BTW, I'm curious. Is this really plain FTP or is it sftp or FTPS? They are very different underneath. Plain FTP should have died around 2002. vsftpd supports plain FTP and FTPS, which is different from sftp. Eh - no matter. Just curious.

  3. #3
    Join Date
    Jul 2014
    Beans
    340

    Re: upload but not delete permission

    Quote Originally Posted by TheFu View Post
    moved to a different directory where no users can remove it, but can read
    That's exactly what I had in mind, but I needed to confirm that Linux doesn't provide "write but not delete" privileges.
    Thanks.

  4. #4
    Join Date
    Jul 2014
    Beans
    340

    Re: upload but not delete permission

    Quote Originally Posted by TheFu View Post
    is it sftp
    It's sftp. I created .pem file and mentioned it in vsftpd configuration. Can't tell deeper, I'm not pro here, just helping our admin.

  5. #5
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: upload but not delete permission

    You can protect a file saved to a shared directory from being deleted by other users with rights to the shared directory using something called the "sticky" bit. I don't know of any way to allow a user to upload but not delete a file he or she creates.

    If the files were transferred using Samba, you can use the "create mode" directive to allow uploads without deletes to a Samba share.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
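    The layout TheFu describes in #2 (a directory the uploaders can write to but not list, then a post-processing step that moves each finished upload into a read-only directory and keeps an archived copy tagged with the uploading user) together with the sticky bit SeijiSensei mentions in #5, as an added shell example that is not from any poster in this thread. The directory names, the "uploaders" group, the promote step and the commented-out scan hook are assumptions; on a real server the chgrp step needs root and the promote function would be triggered from inotifywait rather than called by hand.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the "write-only inbox,
# read-only outbox" layout and a promote step for finished uploads.
# BASE path, group name and hook names are assumptions.
set -eu

# setup_layout BASE
# incoming/  mode 1730: owner rwx; group can create files (wx) but not
#            list or read them (no r); others nothing. The leading 1 is the
#            sticky bit: only a file's owner may delete it, which still lets
#            an uploader delete their own file (the limitation from post #5).
# published/ mode 0755: everyone can read, only the owner may add or remove.
# archive/   mode 0700: owner-only copies kept for traceability.
setup_layout() {
    base=$1
    mkdir -p "$base/incoming" "$base/published" "$base/archive"
    chmod 1730 "$base/incoming"
    chmod 0755 "$base/published"
    chmod 0700 "$base/archive"
    # chgrp uploaders "$base/incoming"   # assumed group; requires root
}

# promote_uploads BASE
# Moves every regular file from incoming/ to published/ (mode 0644) and
# stores a copy in archive/ prefixed with the owner's username so a bad
# file can be traced back to the account that uploaded it.
# Prints the number of files promoted. In production, run this from
#   inotifywait -m -e close_write "$base/incoming"
# so each file is handled once the upload has finished.
promote_uploads() {
    base=$1
    count=0
    for f in "$base"/incoming/*; do
        [ -f "$f" ] || continue              # skip the empty-glob literal
        name=$(basename "$f")
        owner=$(stat -c %U "$f" 2>/dev/null || stat -f %Su "$f")
        # scan_file "$f" || { mv "$f" "$base/archive/quarantine_$name"; continue; }
        cp -p "$f" "$base/archive/${owner}_$name"
        mv "$f" "$base/published/$name"
        chmod 0644 "$base/published/$name"
        count=$((count + 1))
    done
    echo "$count"
}

# Stand-alone demonstration in a scratch directory.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    setup_layout "$d"
    echo "constructed upload" > "$d/incoming/report.csv"
    echo "promoted: $(promote_uploads "$d")"
    ls -l "$d/published" "$d/archive"
fi
```

The point of the 1730 mode is that an uploader can create a file but cannot see what else is in incoming/, so nothing uploaded by another user is readable or (thanks to the sticky bit) deletable by them; once promoted, the file sits in a directory the uploaders cannot write to at all, which is the closest Unix permissions get to "upload but not delete".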

  6. #6
    Join Date
    Jul 2014
    Beans
    340

    Re: upload but not delete permission

    Quote Originally Posted by SeijiSensei View Post
    You can protect a file saved to a shared directory from being deleted by other users with rights to the shared directory using something called the "sticky" bit. I don't know of any way to allow a user to upload but not delete a file he or she creates.

    If the files were transferred using Samba, you can use the "create mode" directive to allow uploads without deletes to a Samba share.
    Thanks, I explained the operating system limitation to them and they clarified the task, so "upload but not delete" is not needed anymore. They are ok with just read/write for one group of users and read-only for the other one. Grin.
