How to prevent users from deleting a directory?

I tried “chattr +i DIRNAME”; it’s great, but I cannot create files in the DIR after chattr. What else is there to prevent users from deleting a directory?

[root@HOST ~] mkdir test
[root@HOST ~] chattr +i test
[root@HOST ~] cd test
[root@HOST ~/test] touch sth
touch: cannot touch `sth': Permission denied
[root@HOST ~/test] cd ..
[root@HOST ~] chattr -i test
[root@HOST ~] cd test
[root@HOST ~/test] touch sth
[root@HOST ~/test]

UPDATE: only the directory deletion is important, so I still need the files to be deleted in it

Answers:

Method 1

Create a file “.protected” and do as root:

chattr +i .protected

You can then delete all files except .protected within this directory,
thus the directory can’t be deleted by any other user.

Method 2

chattr +a

should do the job. You can create files inside but you won’t be able to delete them.

Method 3

So what is wrong with a simple chown/chmod?:

cd /tmp
mkdir question
sudo chown root:root question
[sudo] password for user: 
sudo chmod 777 ./question
cd question
touch sth
rm sth
cd ..
rm question -rf
rm: cannot remove `question': Operation not permitted

OK, let me tell you what is wrong with this: every user has all access to every file in the question directory due to the 777 permissions. It is better to:

  • create a new group: groupadd question
  • mkdir question
  • chown root:question ./question
  • chmod 770 ./question
  • add the users that must have access to the files to the new group: usermod -a -G question user

The important trick here is that the directory has a different owner than any of the users that will try to delete it.
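
An added example, not part of the original answers: whether a user can remove or rename a directory is decided by the write permission and sticky bit of its parent, which is why the Method 3 transcript in /tmp ends in "Operation not permitted". The function name `entry_protection` and the demo layout are constructed for illustration; only plain mode bits are inspected, not POSIX ACLs.

```shell
#!/bin/sh
# Added example (not from the original answers): classify who can remove or
# rename DIR's entry, which is decided by DIR's *parent*, not by DIR's own mode.
#   exposed             parent is group/other-writable and has no sticky bit:
#                       anyone with that write access can rmdir/mv DIR
#   sticky-parent       parent is writable but sticky (like /tmp): only DIR's
#                       owner, the parent's owner, or root can remove DIR
#   parent-not-writable at most the parent's owner or root can remove DIR
entry_protection() {
    parent=$(dirname -- "$1")
    # Keep find from reading an odd relative path as an option.
    case $parent in /*|.|./*) ;; *) parent=./$parent ;; esac
    # -prune tests the parent itself without descending into it.
    if [ -z "$(find "$parent" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo parent-not-writable
    elif [ -k "$parent" ]; then
        echo sticky-parent
    else
        echo exposed
    fi
}

# Constructed demo layout: three parents that differ only in their mode.
demo() {
    base=$(mktemp -d) || return 1
    for mode in 1777 0777 0755; do
        mkdir -p "$base/p$mode/question"
        chmod 770 "$base/p$mode/question"   # same mode as in Method 3
        chmod "$mode" "$base/p$mode"
        printf '%s parent: %s\n' "$mode" "$(entry_protection "$base/p$mode/question")"
    done
    rm -rf "$base"
}
demo
```

A result of `exposed` means the chown/chmod from Method 3 does not protect the directory at that location; an undeletable file inside it, as in Method 1, still keeps it from being emptied and removed.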


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
