From owner-freebsd-hackers Wed May 14 15:02:00 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA08098 for hackers-outgoing; Wed, 14 May 1997 15:02:00 -0700 (PDT) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA08081 for ; Wed, 14 May 1997 15:01:56 -0700 (PDT) Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id PAA22776 for ; Wed, 14 May 1997 15:00:31 -0700 (PDT) Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpd022772; Wed May 14 22:00:24 1997 Message-ID: <337A35E7.5656AEC7@whistle.com> Date: Wed, 14 May 1997 15:00:07 -0700 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: hackers@freebsd.org Subject: RFC.. Proposal.. file flag No-delete Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Here is the situation.. a skeleton of directories and files which must not be removed except by root, intermixed with files that should be able to be added and removed by users of a particular group. (M) = directory [N] = file (A)----(B)----[C] | \-(D) We want non root members of group 'x' to be able to add files or directories to directories A, B or D, and delete them again, however they must not be able to delete A,B,C, or D non members of group 'x' must only be able to write into D in the case where D is owned by them. (D represents several directories with different owners(e.g. home directories)) this seems to be an easy problem, but it turns out that it is not immediatly solvable using standard semantics. I would like to suggest one of two changes. 1/ I cannot see a definition of the SUID bit in directories.. possibly extending this to mean "Directory not deletable except by owner(or root)" might allow me to get 99% of what I need. 2/ alternatively adding a flag "nodelete". noschg is too severe as I want the goup 'x' members to be able to add and delete entries to these directories, and "append-only" doesn't work because I want them to be able to delete any files they added. I would imagine the "nodelete" flag affecting only the unlink(), rmdir() and rename() calls. basically I need to be able to set up a skeleton that cannot be alterd or removed, but can be added to by non root users. comments? fruit? would it be of general use? does it break the P.O.L.A? as an extension, does it break posix or anything? julian