deny deleting a file for users.. trying a solution
From: Sandra Hernandez (sandra_at_fib.upc.es)
Date: Mon, 02 Jun 2003 19:50:55 +0200
To: firstname.lastname@example.org
First of all, thank you very much for all the responses.
I'll try to summarize what I have tested.
First of all, a brief description of the problem: I want to make the file mbox
undeletable for users (but users can still remove, add and modify data in the file), and this
file is in the $HOME/nsmail directory.
1) I've tried chattr, but the +i or +a option applied to the file presents some
problems when users try to delete part of the data (in this case when they want to
delete a mail). I've tried applying chattr to the directory, but then the user can't
create new mailboxes (draft, sent, ...).
2) Changing permissions was complicated because the nsmail directory is in
the HOME directory of the user, so it's owned by him/herself, not root. But finally, I
think it's a good solution, because the user can modify data in the file but can't delete
mbox, and it isn't very complicated (because users can access via
samba, ssh, webmail, ...). It has only one problem: if the user knows about chmod and chown,
he/she can change the permissions of the directory because it is in his/her HOME (obviously owned by
the user), but normally they don't know about these commands.
Well, the permissions of the files and directories are:
rwxr-x--- user:user_group .
rwxrwxr-t root:user_group nsmail
rw-rw---- root:user_group nsmail/mbox
rw-rw---- user:user_group nsmail/sent
rw-rw---- user:user_group nsmail/drafts
Perhaps it's the best option while chattr +u is not implemented in the kernel.
Thank you very much!
PS: We are going to continue making backups every night ;o)
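
Added example, not part of the original message: a small Python model of the Unix permission and sticky-bit rules, applied to the layout listed above to show which operations it permits. The numeric ids (root=0, user=1000, user_group=1000) and the names Node, User, allowed, can_remove_entry and report are assumptions made for the illustration.

```python
import stat
from collections import namedtuple

Node = namedtuple("Node", "mode uid gid")   # mode includes the sticky bit
User = namedtuple("User", "uid gids")

def allowed(user, node, want):
    """Classic Unix check: only one of the owner/group/other triplets applies."""
    if user.uid == 0:                       # root bypasses the permission bits
        return True
    if user.uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in user.gids:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & want) == want

def can_remove_entry(user, directory, entry):
    """unlink()/rename() rule: w+x on the directory is required; if the
    directory is sticky, the caller must also own the entry or the directory."""
    if not allowed(user, directory, 0o3):
        return False
    if directory.mode & stat.S_ISVTX and user.uid != 0:
        return user.uid in (entry.uid, directory.uid)
    return True

# Constructed ids (assumptions): root=0, user=1000, user_group=1000.
ROOT, UID, GID = 0, 1000, 1000
user = User(UID, {GID})
home = Node(0o750, UID, GID)        # rwxr-x--- user:user_group .
nsmail = Node(0o1775, ROOT, GID)    # rwxrwxr-t root:user_group nsmail
mbox = Node(0o660, ROOT, GID)       # rw-rw---- root:user_group nsmail/mbox
sent = Node(0o660, UID, GID)        # rw-rw---- user:user_group nsmail/sent

def report():
    return {
        "write mbox": allowed(user, mbox, 0o2),
        "delete mbox": can_remove_entry(user, nsmail, mbox),
        "delete sent": can_remove_entry(user, nsmail, sent),
        "remove/rename nsmail entry in $HOME": can_remove_entry(user, home, nsmail),
    }

if __name__ == "__main__":
    for check, result in report().items():
        print(f"{check}: {result}")
```

The last check reflects that the nsmail entry itself sits in a directory the user owns, which is worth covering with the nightly backups and a periodic ownership check on nsmail and mbox.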