How to allow users to create and delete file(s) / folder(s), but not modify them?
This is definitely possible. First, change /db-data's group to app-data:
sudo chgrp -R app-data /db-data
Now set up the permissions:
sudo chmod -R g+rwx /db-data
sudo chmod -R g-w /db-data/archived-data/*
sudo find /db-data/archived-data -type d -exec 'chmod' 'g+rwx' '{}' ';'
- sudo chmod -R g+rwx /db-data gives app-data full permissions to /db-data and everything inside it
- sudo chmod -R g-w /db-data/archived-data/* removes app-data's write permissions for everything inside /db-data/archived-data
- Finally, sudo find /db-data/archived-data -type d -exec 'chmod' 'g+rwx' '{}' ';' restores app-data's write permissions for every directory in /db-data/archived-data (but not the files inside those directories), which is necessary to let app-data create and delete any files or directories inside /db-data/archived-data.
Now anyone in app-data will be able to read, execute, create, and delete files or directories in /db-data/archived-data (including sub-directories deeper than 1 level; i.e. app-data will be able to create and delete files in /db-data/archived-data/a/b/). If you don't want app-data to have read and/or execute permissions either, change the g-w in sudo chmod -R g-w /db-data/archived-data/* to g-rw for no read permissions, g-wx for no execute permissions, or g-rwx for no permissions at all (if you do this after running the find command, you will have to re-run it).
Finally, note that if a user in app-data creates a file or directory, he/she will be able to modify the file/directory that he/she created (but existing files will still be unmodifiable).
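A check for the resulting layout, as an added example that is not part of the original answer; audit_archive and build_demo_tree are hypothetical names and the sample tree is constructed. It walks the tree with find rather than a glob, so it also inspects dot-entries directly under the directory, which the * in the second chmod does not match.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a tree for the layout
# the answer describes. Octal masks: 020 = group write, 030 = group write+search.

# audit_archive DIR [GROUP]
# Prints one line per violation; returns 0 when the tree is clean, 1 otherwise.
audit_archive() {
    dir=$1
    group=${2:-}
    report=$(
        # Existing files must not be group-writable (no in-place modification).
        find "$dir" -type f -perm -020 -print | sed 's/^/GROUP_WRITABLE_FILE /'
        # Every directory needs group w+x, or create/delete inside it fails.
        find "$dir" -type d ! -perm -030 -print | sed 's/^/DIR_NOT_GROUP_WX /'
        # Optional: everything should belong to the expected group.
        if [ -n "$group" ]; then
            find "$dir" ! -group "$group" -print | sed 's/^/WRONG_GROUP /'
        fi
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# build_demo_tree ROOT
# Constructed sample tree (hypothetical file names), then the answer's three
# chmod steps, run without sudo because the caller owns ROOT.
build_demo_tree() {
    root=$1
    mkdir -p "$root/archived-data/a/b"
    : > "$root/archived-data/report.txt"
    : > "$root/archived-data/a/b/old.log"
    : > "$root/archived-data/.hidden"   # dot-entry: not matched by the * glob
    chmod -R g+rwx "$root"
    chmod -R g-w "$root"/archived-data/*
    find "$root/archived-data" -type d -exec chmod g+rwx '{}' ';'
}

# Demo: uncomment to run against a scratch directory.
# tmp=$(mktemp -d) && build_demo_tree "$tmp" && audit_archive "$tmp/archived-data"; rm -rf "$tmp"
```

On the real tree, run it as audit_archive /db-data/archived-data app-data after applying the permissions, and again whenever files are added by another route.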
Program man
Updated on September 18, 2022
Comments
-
Program man over 1 year
I have created a group named "app-data" and a folder /db-data/archived-data/.
I want members of app-data to have all rights on the /db-data/ folder, but I want the same group's users to have only create and delete access on the /db-data/archived-data/ folder (users should not be able to modify any files or directories in it, but they should be able to create or delete any files or folders they want).
How can we do it? I think this is possible through ACL, but please feel free to let me know how we can achieve this. I am fine with any method, but I want this configuration.
Please help.
-
Program man almost 8 years
Users should not be able to create files or folders in the /db-data folder. Will the above thing change that?
-
insert_name_here almost 8 years
@Rishee Ah, I thought you meant you wanted app-data to have full rights (including creation and deletion) to everything in /db-data except for /db-data/archived-data. I will edit my answer shortly with a solution for this.
-
Program man almost 8 years
I'll appreciate it if you can edit the answer to fit the requirements.