[Gllug] [OT ?] Filesystem ACLs

Mike Brodbelt mike at coruscant.demon.co.uk
Tue Aug 10 11:44:23 UTC 2004


On Tue, 2004-08-10 at 12:31, Ashley Evans wrote:
> Some admins in the office wanted to set up a "modify but not delete" sort 
> of setup on a client's server.
> 
> My thoughts are that this is an utterly stupid thing to do because if 
> you can modify the file then it's possible to delete the data by opening 
> the file.
> 
> Am I missing something?

No, I don't think so. You can of course give them write permission to
the file, but not to the parent directory, which would allow them to
modify the file but not delete it, but as you point out, this is pretty
much worthless, and will probably not sit well with programs that want
to manipulate directory entries.

To achieve anything useful, you'd probably have to intercept open calls,
and make a safe copy of the file before allowing them to do anything.

Mike.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
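
The permission layout discussed in this message, as an added example that is not part of the original post: a file its owner can write, inside a directory nobody can write. It assumes a POSIX system and an unprivileged user (root bypasses these checks); the directory and file names are constructed for the demonstration.

```python
import os
import tempfile


def modify_but_not_delete_demo():
    """Build the layout from the thread and report what a writer can do."""
    result = {"is_root": os.geteuid() == 0}
    with tempfile.TemporaryDirectory() as top:
        share = os.path.join(top, "share")           # constructed directory name
        target = os.path.join(share, "report.txt")   # constructed file name
        os.mkdir(share)
        with open(target, "w") as fh:
            fh.write("quarterly figures\n" * 100)    # constructed sample data
        result["size_before"] = os.path.getsize(target)

        os.chmod(target, 0o644)   # owner may write the file
        os.chmod(share, 0o555)    # nobody may change directory entries
        try:
            # Deleting a name needs write permission on the parent directory.
            try:
                os.unlink(target)
                result["unlink_denied"] = False
            except PermissionError:
                result["unlink_denied"] = True

            # Truncating only needs write permission on the file itself.
            if os.path.exists(target):
                with open(target, "w"):
                    pass
                result["size_after"] = os.path.getsize(target)
            else:
                result["size_after"] = None
            result["name_survives"] = os.path.exists(target)
        finally:
            os.chmod(share, 0o755)  # restore so the temp tree can be cleaned up
    return result


if __name__ == "__main__":
    for key, value in modify_but_not_delete_demo().items():
        print(f"{key}: {value}")
```

For an unprivileged user the unlink is refused while the file still ends up at zero bytes, so the directory entry is protected but the data is not.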



