Solved

About Directory and File Read and Write Rights

Posted on 2004-03-24
9
283 Views
Last Modified: 2010-04-22
Dear all,

   In is possible have a directory that allow all group member Read and Write, but can delete this directory by group member.
  For example : There have a directory call "Company Excel File". All members in "EXCEL" group can read and write in "Company Excel File" directory, but not allow delete "Company Excel File" directory, how can I do it. I use redhat 9.
   Thanks for you help !

Tommy

0
Comment
Question by:tommyliu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10675061
yes you do

chmod 740 directory
but on the files you do chmod 750
this means they can read the directory and changes the files in the directory.

http://mason.gmu.edu/~montecin/UNIXpermiss.htm this is a good document on file perms on unix/linux.

To make it clear to change a file you do not have to give write access on the directory permissions :)
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10675073
I am wrong 4 is read 5 is read execute 6 is read write 7 is all
So it should be 760 on the files instead of 750. If they need to execute it should be 770.

0
 
LVL 1

Author Comment

by:tommyliu
ID: 10675777
Dear bloemkool1980,
   It is impossible for my case. It is because directory chmod 770, the group user can delete the directory.

Tommy
0
The Orion Papers

Are you interested in becoming an AWS Certified Solutions Architect?

Discover a new interactive way of training for the exam.

 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10675797
I can understand your directory has that rights but is it needed and if so then you cannot do a lot.
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10676301
Let's assume you have the following :

Directory dirs
containing directory excelfiles
containing files

dirs has to be mode 750 (everybody in the group can go there, list directories and files, but not modify the directory content).
excelfiles has to be 770 (everybody in the group can go there, list directories and files, add files, remove files).

This means that, NO, owners and group can not delete a directory based on it's own access rights.
To delete a directory, the parent directory must bear rights allowing users to modify it's own structure.
The reason for that is that deleting a directory (or a file) means affecting the structure of the parent directory (because you modify it's content).
So the one that has to be protected is the parent.

Is that clear ?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10676312
That is what I said and it seems he would like to have 770 on the directory so then ofcourse you cannot protect the directory from being deleted.
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10676689
I'm sorry, but, yes, you can.
Just have the parent directory not in mode 770. Looks like that's the author is looking for.
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10676767
I you like to have your directory in 770 you cannot do what he tells duhuh
0
 
LVL 14

Accepted Solution

by:
xberry earned 50 total points
ID: 10682137
Hi tommy,

login as root

mkdir /Company_Excel_File directly under / or any other directory that can only be accessed & manipulated by the Systemadministrator, for instance /opt. In any case make sure that parent directories of your directory is group & owner 'root' only.
Also the directory 'Company_Excel_File' should have owner & group "root", only.
Elsewise do chgrp and chown root Company_Excel_File.
Then:
# chmod 775 /Company_Excel_File              or: chmod 775 /(your path)
# chmod -R 777 /Company_Excel_File/*        or: chmod -R 777 /(your path)/*
# chgrp -R EXCEL /Company_Excel_File/*     or: chgrp - R EXCEL /(your path)/*





0

Featured Post

Is Your Team Achieving Their Full Potential?

74% of employees feel they are not achieving their full potential. With Linux Academy, not only will you strengthen your team's core competencies but also their knowledge of of the newest IT topics.

With new material every week, we'll make sure that you stay ahead of the game.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question