From: Chuck Swiger
To: Grant Peel
Cc: freebsd-questions@freebsd.org
Subject: Re: Required Directories
Date: Mon, 26 May 2008 09:03:29 -0700
Message-Id: <369C3C67-9A6F-419A-AA25-FA62D8FD3425@mac.com>
In-Reply-To: <2EEC06F1F9B24B31B15CE1DCD095A7C1@GRANT>

On May 26, 2008, at 7:30 AM, Grant Peel wrote:
> I have several servers that the users' home directories contain
> directories that must exist in order for apache and mail to work
> correctly.
> [ ... ]
> Is there a way (by using either proftpd, or setting sticky bit, or
> setting the uimmutable flag), that I can prevent the users from
> deleting these directories, and still retain the ability for my
> (root run) scripts to have the ability to delete them?

I think that if you make the directories immutable, the users won't be
able to create new files under them. Using root-owned directories which
have 1777 permissions would be workable, except that other users could
create files under someone else's homedir, also.

It's generally not expected that users would not own the stuff under
their homedir, or would not be able to delete their files if they want
to, even if doing so would break something. Normally, sysadmins code
their scripts to re-create any missing directory hierarchy if needed, so
that if a user manages to shoot themselves in the foot, the cron jobs
will be able to provide first aid.

Regards,
-- 
-Chuck
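
The cron "first aid" approach described in the reply above, as an added example that is not part of the original thread. It shows a root-run repair pass that re-creates missing directories without following symlinks a user may have planted in their own home. The directory names in REQUIRED_DIRS, the function names, and the idea that each home directory is named after its login are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. REQUIRED_DIRS is a hypothetical list;
# the original message does not name the directories.
REQUIRED_DIRS="${REQUIRED_DIRS:-public_html Maildir}"

# repair_home HOME OWNER
# Re-create missing required directories under HOME. Returns 0 when every
# directory is in place, 1 when something was refused or failed.
repair_home() {
    home=$1; owner=$2; rc=0
    # A home that is a symlink or missing is left for a human to look at.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "skip: $home is not a real directory" >&2
        return 1
    fi
    for d in $REQUIRED_DIRS; do
        path=$home/$d
        if [ -L "$path" ]; then
            # The user owns $home and can plant links; root must not follow them.
            echo "refuse: $path is a symlink" >&2; rc=1
        elif [ -d "$path" ]; then
            continue                      # already there
        elif [ -e "$path" ]; then
            echo "refuse: $path exists but is not a directory" >&2; rc=1
        elif mkdir -m 0755 "$path"; then  # no -p: fails if the path appeared meanwhile
            echo "created: $path"
            # Only root can give the directory away; -h acts on a link itself
            # if the user swapped one in after mkdir.
            if [ "$(id -u)" -eq 0 ]; then chown -h "$owner" "$path" || rc=1; fi
        else
            rc=1
        fi
    done
    return $rc
}

# repair_all BASE: treat each BASE/<login> as that login's home
# (assumption: directory name equals account name).
repair_all() {
    status=0
    for h in "$1"/*; do
        [ -e "$h" ] || [ -L "$h" ] || continue   # unmatched glob
        repair_home "$h" "${h##*/}" || status=1
    done
    return $status
}

# Run from root's crontab as: repair.sh --repair /home
if [ "${1:-}" = "--repair" ]; then repair_all "$2"; fi
```

A non-zero exit from the cron job means at least one path was refused, which is worth mailing to the admin rather than silently retrying.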