chmod - deny file delete for the owner of the directory - ftp

I have a folder with drwxrwxr-x permissions, where the owner is uploading his own files.
I want to upload a readme file to that directory. The owner of the folder shouldn't have the right to delete that file. How can I do that? What rights should I set for the directory and for the file?

There are ways of doing this with ACLs, but the easiest way, if your OS supports it, is to make readme an immutable file. A file with the immutable flag can't be modified, deleted, or renamed, even by the owner or the owner of the containing directory. On Linux, this would be done with sudo chattr +i /path/to/directory/readme. On Linux, not even the owner of a file can remove the immutable flag (well, unless the owner can run a process with the CAP_LINUX_IMMUTABLE capability).

The file should have drwxr--r--, this way only you, the owner of the file, have the ability to delete it.
chmod 744 <file>

Related

Redirection to other directories

My /home directory has very little memory. But some of my programs which are running in production create dynamic files in the '/home' directory.
The problem is that if it reaches 100%, my program doesn't work. So I have to manually go and delete the files or copy the files.
So rather than doing that I want to redirect the files from '/home' to '/tmp' directory in unix by default.
Please give me some thoughts.
You have at least two ways to do:
if you can config your program to export files to other dir, do this.
if you cannot do anything on the program, you can create a cron job, remove/cp those files automatically
If the program creates files under its own directory, you can create a symlink:
# Create directory in /tmp
mkdir /tmp/myprog
# Set permissions
chown "${USER}:${USER}" /tmp/myprog
chmod -R o-x /tmp/myprog
# Create symlink at /home/myprog
ln -s /tmp/myprog "${HOME}/myprog"

How to change the permission of a directory inside the .tar.gz file? [duplicate]

Is there a way to chmod 777 the contents of a tarfile upon creation (or shortly thereafter) before distributing? The write permissions of the directory that's being tar'd is unknown at the time of tar'ing (but typically 555). I would like the unrolled dir to be world writable without the users who are unrolling the tar to have to remember to chmod -R 777 <untarred dir> before proceeding.
The clumsy way would be to make a copy of the directory, and then chmod -R 777 <copydir> but I was wondering if there was a better solution.
I'm on a Solaris 10 machine.
BACKGROUND:
The root directory is in our ClearCase vob with specific file permissions, recursively. A tarfile is created and distributed to multiple "customers" within our org. Most only need the read/execute permissions (and specifically DON'T want them writable), but one group in particular needs their copy to be recursively writable since they may edit these files, or even restore back to a "fresh" copy (i.e., in their original state as I gave them).
This group is somewhat technically challenged. Even though they have instructions on the "how-to's" of the tarfile, they always seem to forget (or get wrong) the setting of the files to be recursively writable once untarred. This leads to phone calls to me to diagnose a variety of problems where the root cause is that they forgot to do (or did incorrectly) the chmod'ing of the unrolled directory.
And before you ask, yes, I wrote them a script to untar/chmod (specific just for them), but... oh never mind.
So, I figured I'd create a separate, recursively-writable version of the tar to distribute just to them. As I said originally, I could always create a copy of the dir, make the copy recursively writable and then tar up the copy dir, but the dir is fairly large, and disk space is sometimes near full (it can vary greatly), so making a copy of the dir will not be feasible 100% of the time.
With GNU tar, use the --mode option when creating the archive, e.g.:
tar cf archive.tar --mode='a+rwX' *
But note that when the archive is extracted, the umask will be applied by default. So unless the user's umask is 000, then the permissions will be updated at that point. However, the umask can be ignored by using the -p (--preserve) option, e.g.:
tar xfp archive.tar
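The --mode and umask behaviour described in this answer, as an added shell example that is not part of the original post. It assumes GNU tar and GNU stat; the file and directory names are constructed, and the function name tar_mode_demo is hypothetical.

```sh
#!/bin/sh
# Assumption: GNU tar and GNU stat (as on most Linux systems).
# Prints four modes: <file, umask applied> <dir, umask applied> <file, -p> <dir, -p>
tar_mode_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        mkdir -p src/docs plain preserved
        echo "sample" > src/docs/notes.txt   # constructed sample file
        chmod 444 src/docs/notes.txt         # read-only source tree,
        chmod 555 src/docs                   # like the 555 tree in the question

        # Rewrite the modes stored in the archive only; src/ is not modified.
        # X adds execute to directories, but not to the non-executable file.
        tar -cf archive.tar --mode='a+rwX' -C src docs

        umask 022
        tar -xf archive.tar --no-same-permissions -C plain   # umask applied
        tar -xpf archive.tar -C preserved                    # umask ignored

        # Word splitting of the stat output is intended here.
        printf '%s %s %s %s\n' $(stat -c %a \
            plain/docs/notes.txt plain/docs \
            preserved/docs/notes.txt preserved/docs)
    )
    status=$?
    # The source tree is read-only, so restore write access before cleanup.
    chmod -R u+rwx "$work" && rm -rf "$work"
    return "$status"
}

tar_mode_demo
```

Both extraction modes are spelled out explicitly because GNU tar defaults to preserving permissions when run as root and to applying the umask for ordinary users.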
You can easily change the permissions on the files prior to your tar command, although I generally recommend people NEVER use 777 for anything except /tmp on a unix system, it's more productive to use 755 or worst case 775 for directories. That way you're not letting the world write to your directories, which is generally advisable.
Most unix users don't like to set the permissions recursively because it sets the execute bit on files that should not be executable (configuration files, for instance). To avoid this, they invented a new way to use chmod some time ago, called symbolic mode. Reading the man page on chmod should provide details, but you could try this:
cd $targetdir; chmod -R u+rwX,a+rX .; tar zcvf $destTarFile .
Where your $targetdir is the directory you are tarring up and $destTarFile is the name of the tar file you're creating.
When you untar that tar file, the permissions are attempted to be retained. Certain rules govern that process of course - the uid and gid of the owner will only be retained if root is doing the untarring, but otherwise, they are set to the effective uid and gid of the current process.

How to get rid of permission denied while using mv command?

I am trying to move a file from one directory to another from the command line. I used this command
raghul#raghul-Aspire-5750Z:~/temp/newfolder$ mv copy.txt /temp/
I got error like this
cannot create regular file '/temp': Permission denied
Can someone help me to figure this out? I need to move a file from one directory to other.
First of all you are using the copy command cp, not the move command mv.
Secondly you are trying to copy the file to a new file named /temp, i.e. a file named temp in the / directory. This resides in the filesystem's root directory, which is most likely owned by root. Unless you have root permissions you can not write to the root directory.
Given that you are naming the file temp, I assume that you want to move the file to the /tmp directory, for which you will have permission to write to. Do this:
$ mv copy.txt /tmp
This will work only if you also have write permission on the file copy.txt because you need to be able to remove it. If you just wanted to copy the file, just read permission is required.
Otherwise, if you really do wish to move the file to a /temp directory, you can use sudo to do that, provided that you are set up as a sudo user:
$ sudo mv copy.txt /temp
[sudo] password for raghul
I just noticed that you're in a personal directory called ~/temp/newfolder. Is that the temp you're trying to move the file to: your personal one, in which onefolder is in? So you want to move the file up one directory?
Then the problem is that your command is missing the 'personal' tag ~. The command should be:
mv copy.txt ~/temp/
Try moving it with sudo command as it seems you don't have permission to move the file.
If you are requested for a password enter the root's password.
Try this:
sudo cp copy.txt /temp/
Try this: change /temp to
mv index.text temp

make a file removable just by root in mac

I'm trying to make a file removable only by the root user on Mac 10.10.
I tried this:
chown root <fileName>
but other users can remove it.
Any ideas?
As an alternative to changing the permissions on the containing directory, you can set the uimmutable flag on the file:
sudo chown root foo
sudo chflags uimmutable foo
Now only root will be able to delete foo. Note, though, that nobody will be able to modify the file, either. Root could remove the uimmutable flag and then modify it, of course, but that opens a window for others to delete it.
The act of removing an entry in a directory modifies the directory, but not the file. (When you remove a file, you are unlinking the name from the file and the link count on the file is decremented. The file itself may not be deleted, but will no longer be accessible by the name that was removed.) In order to ensure that only some process with root privilege can unlink a file, you need to modify the permissions on the directory. So to ensure that no-one but root can delete the file /p/a/t/h/file:
sudo chown root /p/a/t/h # make root the owner of the directory
sudo chmod og-w /p/a/t/h # remove write permissions from other and group
Note that this is less fine-grained than you might like and will prevent non-root users from removing or creating any files in /p/a/t/h.
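The point made in this answer, that removing a name is a write to the directory and not to the file, as an added shell example that is not part of the original answers. It uses constructed temporary directories in place of the root-owned /p/a/t/h, and the name unlink_demo is hypothetical.

```sh
#!/bin/sh
# Constructed demo: the file's own mode bits do not decide whether it can be
# deleted; write permission on the containing directory does.
# Prints "<result in writable dir> <result in read-only dir>".
unlink_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/open" "$work/locked"
    echo "readme" > "$work/open/readme"
    echo "readme" > "$work/locked/readme"

    chmod 000 "$work/open/readme"      # file: no permissions at all
    chmod 755 "$work/open"             # directory: writable by its owner
    chmod 666 "$work/locked/readme"    # file: world-writable
    chmod 555 "$work/locked"           # directory: no write bit for anyone

    rm -f "$work/open/readme" 2>/dev/null || true
    [ -e "$work/open/readme" ] && first=kept || first=removed

    rm -f "$work/locked/readme" 2>/dev/null || true
    [ -e "$work/locked/readme" ] && second=kept || second=removed

    # We own the locked directory, so we can simply chmod it back. That is
    # why the answer also changes the directory's owner to root.
    chmod -R u+rwx "$work" && rm -rf "$work"
    echo "$first $second"
}

unlink_demo
```

An ordinary user gets "removed kept"; a process running as root normally gets "removed removed", because root bypasses the directory permission check.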

Bash: Deny rename access for a directory

I have used chmod 0000 on a directory yet the directory can still be renamed. How can I prevent a user from modifying the name of a directory?
Removing write permission on the parent directory should do the trick.
If you own a file (or directory) you can still perform various operations on it regardless of permissions including mv, rm and chmod. Other users cannot perform these options based on write permissions. If you want to prevent the owner from moving the directory, you can't. The owner can always use chmod on the file. The only solution would be to change the owner of the file or move the file under a write-protected directory that the user does not own.
