I tried “chattr +i DIRNAME”; it’s great, but I cannot create files in the DIR after chattr. What else is there to prevent users from deleting a directory?
[root@HOST ~] mkdir test
[root@HOST ~] chattr +i test
[root@HOST ~] cd test
[root@HOST ~/test] touch sth
touch: cannot touch `sth': Permission denied
[root@HOST ~/test] cd ..
[root@HOST ~] chattr -i test
[root@HOST ~] cd test
[root@HOST ~/test] touch sth
[root@HOST ~/test]
UPDATE: only the directory deletion is important, so I still need the files to be deleted in it
Answers:
Method 1
Create a file “.protected” and do as root
chattr +i .protected
You can then delete all files except .protected within this directory,
thus the directory can’t be deleted by any other user.
Method 2
chattr +a
should do the job. You can create files inside but you won’t be able to delete them.
Method 3
So what is wrong with a simple chown/chmod?:
cd /tmp
mkdir question
sudo chown root:root question
[sudo] password for user:
sudo chmod 777 ./question
touch sth
rm sth
cd ..
rm question -rf
rm: cannot remove `question': Operation not permitted
OK, let me tell you what is wrong with this: every user has all access to every file in the question directory due to the 777 permissions. It is better to
- create a new group
groupadd question
mkdir question
chown root:question ./question
chmod 770 ./question
- add the users that must have access to the files to the new group:
usermod -aG group user   # -a appends; without it -G replaces the user's other supplementary groups
The important trick here is that the directory has a different owner than any of the users that will try to delete it.
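The permission rule behind Method 3, as an added example that is not part of the original answers: removing a directory is decided by the parent's write/search bits and its sticky bit, so a differently-owned directory is protected in /tmp only because /tmp is sticky. The function name, the uid 4242 and the temporary layout are constructed for illustration; ACLs, capabilities and chattr flags are not modelled.

```shell
#!/bin/sh
# Added example (not from the original answers). Models the Linux permission
# check for removing directory DIR from its parent on behalf of a given uid.
# Not modelled: ACLs, capabilities, chattr flags (a +i file inside DIR, as in
# Method 1, keeps DIR non-empty so it can never be removed).
# Usage: can_remove_dir DIR UID [GID...]    exit 0 = removable, 1 = blocked
can_remove_dir() {
    dir=$1; uid=$2; shift 2; gids=" $* "
    parent=$(dirname -- "$dir")
    pmode=$(stat -c '%a' -- "$parent")   # octal mode of the parent, e.g. 1777
    puid=$(stat -c '%u' -- "$parent")    # owner uid of the parent
    pgid=$(stat -c '%g' -- "$parent")    # group gid of the parent
    duid=$(stat -c '%u' -- "$dir")       # owner uid of DIR itself
    if [ "$uid" -eq 0 ]; then
        echo "yes: root bypasses these checks"; return 0
    fi
    # Select the parent's permission class that applies to this uid.
    if [ "$uid" -eq "$puid" ]; then shift_bits=6
    else
        case "$gids" in
            *" $pgid "*) shift_bits=3 ;;
            *)           shift_bits=0 ;;
        esac
    fi
    bits=$(( (0$pmode >> $shift_bits) & 7 ))
    # Removing an entry needs write (2) and search (1) on the parent.
    if [ $(( bits & 3 )) -ne 3 ]; then
        echo "no: uid $uid lacks write+search on $parent"; return 1
    fi
    # Sticky parent: only the owner of DIR or of the parent may remove DIR.
    if [ $(( 0$pmode & 01000 )) -ne 0 ] &&
       [ "$uid" -ne "$duid" ] && [ "$uid" -ne "$puid" ]; then
        echo "no: $parent is sticky and uid $uid owns neither it nor $dir"
        return 1
    fi
    echo "yes: uid $uid can remove $dir once it is empty"; return 0
}

# Demo on constructed directories: the Method 3 layout with and without the
# sticky bit on the parent. 4242 is a constructed uid that owns nothing here.
demo=$(mktemp -d)
mkdir "$demo/question"
chmod 1777 "$demo"; can_remove_dir "$demo/question" 4242 || true
chmod 0777 "$demo"; can_remove_dir "$demo/question" 4242 || true
rm -rf "$demo"
```

Outside a sticky parent such as /tmp, the same root-owned, mode-777 directory is removable by anyone with write access to the parent.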
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0.