Date: Tue, 10 Apr 2007 17:58:44 -0400
From: Parv <parv@pair.com>
To: Gore Jarold <gore_jarold@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Append only directory ? Is this possible with unix permissions ?
Message-ID: <20070410215844.GA9970@holestein.holy.cow>
In-Reply-To: <651324.93642.qm@web63013.mail.re1.yahoo.com>
References: <651324.93642.qm@web63013.mail.re1.yahoo.com>

in message <651324.93642.qm@web63013.mail.re1.yahoo.com>,
wrote Gore Jarold thusly...
>
> I have a user whose home directory I would like to make "append
> only".

See chflags(1), getfacl(1), and setfacl(1).

> That is to say, they cannot delete files, or delete information
> from files, but they _can_ create new files or append information
> to existing files.

If you set sappnd flag (via chflags) on a directory, then nobody will
be able to delete any pre-existing files (or files created later) in
that directory. However, any file in that directory can still be
truncated to size of 0.

If you set the same flag on a file, then that particular file cannot
be deleted or truncated, only be appended. So you may need to set
the sappnd flag at least on each file.

> Or, if that is not possible, at the very least I would like the
> ability to create new files, while not being allowed to delete any
> files.
>
> Is this possible with unix permissions ? Is it possible in the
> freebsd filesystem in any way at all ?

The sticky bit, as mentioned in other reply, will limit file
modifications, including deletion, to the owner of the file.

In a case like this ACLs seem to be most appropriate. FreeBSD 5.0
included "a complete ACL implementation based on extended attributes
for the UFS and UFS2 file systems". See also acl(9) which lists the
appropriate kernel option (UFS_ACL).

  - Parv

--
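
An added example, not part of the message above: a shell sketch of the point that sappnd on the directory alone leaves its files open to truncation, so the flag has to be set on each file and then checked. The function names and the sample `ls -lo` listing are constructed for illustration; `apply_append_only` assumes FreeBSD and root.

```shell
#!/bin/sh
# Added example, not from the original message.

# apply_append_only DIR  (FreeBSD, run as root; hypothetical helper name)
# Sets sappnd on DIR and on every regular file beneath it, because the flag
# on the directory alone still lets files be truncated to zero length.
apply_append_only() {
    chflags sappnd "$1" &&
        find "$1" -type f -exec chflags sappnd {} +
}

# missing_sappnd: read `ls -lo` output on stdin and print the name of every
# entry whose flags column (field 5) does not contain sappnd.
missing_sappnd() {
    awk '
        $1 == "total" || NF < 10 { next }    # skip the "total N" line and blanks
        {
            has = 0
            n = split($5, flag, ",")          # comma-separated flags, "-" if none
            for (i = 1; i <= n; i++)
                if (flag[i] == "sappnd") has = 1
            if (!has) {
                name = $10                    # rejoin names containing spaces
                for (i = 11; i <= NF; i++) name = name " " $i
                print name
            }
        }'
}

# Constructed sample of `ls -lo` output (not captured from a real system).
sample_listing() {
    cat <<'EOF'
total 12
-rw-r--r--  1 gore  users  sappnd         120 Apr 10 17:40 journal.log
-rw-r--r--  1 gore  users  -               64 Apr 10 17:41 notes.txt
-rw-r--r--  1 gore  users  sappnd,nodump   10 Apr 10 17:42 audit.log
-rw-r--r--  1 gore  users  uappnd           0 Apr 10 17:43 new file.txt
EOF
}

# On a live FreeBSD system: ls -lo /path/to/home | missing_sappnd
sample_listing | missing_sappnd
```

Files created after `apply_append_only` runs do not inherit the flag, so the audit is worth repeating; `ls -ldo` shows the flag on the directory itself.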