Date: Mon, 22 Mar 2004 14:03:15 -0800
From: Andrew Elmore
To: freebsd-questions@freebsd.org
Subject: Re: directories like Hotel California
Message-ID: <20040322220315.GC55952@interwoven.com>

On Mon, Mar 22, 2004 at 02:15:29PM -0700, Elliot Finley wrote:
> I have a directory that I export via NFS.  I want people to be able to do a
> directory listing to see what's there.  I also want them to be able to copy
> files into this directory, but I don't want them to be able to copy files
> out of this directory.
>
> I don't see any way to accomplish this with file permissions.  Am I missing
> something?

The file permissions model allows you to accomplish this, but you'll
have to change permissions on the files as well.

The permissions on the directory should be writable by everyone, but the
"sticky bit" will be set so that nobody except the owner of the
directory, or the owner of a file, will be able to delete files.

    $ mkdir directory
    $ chmod ugo+rwxt directory
    $ ls -ld directory
    drwxrwxrwt 2 aelmore users 512 Mar 22 13:53 directory
    $

You will need to make sure that each file within the directory is not
readable by anyone (because to copy out implies reading the file).

    $ touch directory/file
    $ chmod ugo-rwx directory/file
    $ cp directory/file /tmp
    cp: directory/file: Permission denied
    $

Note that the owner of the file is allowed to delete that file.

Hope this helps.

AE
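
Added example, not part of the original message: a check that a directory still matches the layout described above (directory drwxrwxrwt, no read bit on any file). A file copied in later gets its mode from the writer's umask, so it stays readable until its mode is changed; the script reports those files. The function name audit_dropbox and the demo paths are assumptions.

```sh
#!/bin/sh
# Added example, not from the original message. audit_dropbox is a
# hypothetical helper name; the demo paths below are constructed.

# Report every deviation from the drop-box layout: directory drwxrwxrwt,
# files with no read bit for anyone. Returns 0 when nothing is reported.
audit_dropbox() {
    dir=$1
    problems=0

    # First 10 characters of ls -l output are type + permission bits.
    dmode=$(ls -ld "$dir" | cut -c1-10)
    case $dmode in
        d??????rwt) ;;  # others can list and copy in; sticky bit set
        d???????w[x-])
            echo "DIR  $dmode $dir: world-writable without sticky bit"
            problems=$((problems + 1)) ;;
        *)
            echo "DIR  $dmode $dir: others cannot both list and copy in"
            problems=$((problems + 1)) ;;
    esac

    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        fmode=$(ls -ld "$f" | cut -c1-10)
        case $fmode in
            -r*|-???r*|-??????r*)   # user, group or other read bit
                echo "FILE $fmode $f: readable, can be copied out"
                problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: the layout from the message plus one file left at 644.
demo=$(mktemp -d)
mkdir "$demo/directory"
chmod ugo+rwxt "$demo/directory"
touch "$demo/directory/file"
chmod ugo-rwx "$demo/directory/file"
touch "$demo/directory/uploaded"
chmod 644 "$demo/directory/uploaded"
audit_dropbox "$demo/directory" || echo "audit found problems"
rm -rf "$demo"
```

The check reads mode bits only, so it gives the same answer when run as root, for whom the permission bits are not enforced.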