Re: deny deleting a file for users
From: Brian Hatch (focus-linux_at_ifokr.org)
Date: Fri, 30 May 2003 16:31:03 -0700
To: Sandra Hernandez <firstname.lastname@example.org>

> I would like to know if there exists any way to deny deleting a file for a
> user, but allow this user accessing, removing parts of this file or append
> We have problems in our systems because some users delete their own
> nsmail file without noticing what they are doing.

chattr can be used to make a file immutable, but that prevents you from
making any changes. Likewise you could make it openable in append mode
only, but that prevents you from making changes to the existing bits
of the file.

The best thing I can come up with, without kernel mods or LKMs, would be
to write a program that, as root, opens up in read mode all these files
you don't want deleted, and then goes to sleep forever. It will have an
open file descriptor, so when the user accidentally deletes the file,
you can still get it back by copying it out of the /proc entry for the
root "open all files" process, ala

    cp /proc/PID/fd/APPROPRIATE_FD /home/idiot/nsmail

However this is a horrible kludge. I suggest that you take good backups
and make them available to the users who delete their files by mistake.
Or, let them feel the pain a few times until they stop doing it.

--
Brian Hatch
Systems and Security Engineer
www.hackinglinuxexposed.com

Thou shalt not compose limericks at a funeral.

Every message PGP signed
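
Added example, not part of Brian Hatch's message: the "open all files" process described above, written in Python, plus a helper that finds APPROPRIATE_FD by reading the /proc/PID/fd links. The function names are assumptions made for this example, and it relies on Linux appending " (deleted)" to the link target of an unlinked file.

```python
import os
import shutil
import time

DELETED_SUFFIX = " (deleted)"  # Linux appends this to the /proc link target


def hold_open(paths):
    """Open each path read-only and return {path: fd}; the fds pin the inodes."""
    return {p: os.open(p, os.O_RDONLY) for p in paths}


def find_deleted(pid):
    """Return {original_path: fd} for files `pid` still holds that were unlinked."""
    fd_dir = f"/proc/{pid}/fd"
    found = {}
    for name in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, name))
        except OSError:
            continue  # descriptor was closed between listdir() and readlink()
        if target.endswith(DELETED_SUFFIX):
            found[target[: -len(DELETED_SUFFIX)]] = int(name)
    return found


def recover(pid, fd, dest):
    """Copy the data out of /proc/PID/fd/FD, the same thing the cp command does."""
    with open(f"/proc/{pid}/fd/{fd}", "rb") as src, open(dest, "wb") as out:
        shutil.copyfileobj(src, out)


if __name__ == "__main__":
    import sys

    # Run as root so every listed mailbox is readable.
    held = hold_open(sys.argv[1:])
    print(f"pid {os.getpid()} holding {len(held)} files open")
    while True:  # sleep forever; the open descriptors keep the data allocated
        time.sleep(3600)
```

The restored copy is owned by whoever runs recover(), so it needs a chown back to the user. A descriptor only pins the inode that existed when the keeper started, so a mailbox that is deleted and then recreated is no longer covered until the keeper is restarted.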