How to allow users to create and delete file(s) / folder(s), but not modify them?


This is definitely possible. First, change /db-data's group to app-data:

sudo chgrp -R app-data /db-data

Now set up the permissions:

sudo chmod -R g+rwx /db-data
sudo chmod -R g-w /db-data/archived-data/*
sudo find /db-data/archived-data -type d -exec 'chmod' 'g+rwx' '{}' ';'

  • sudo chmod -R g+rwx /db-data gives app-data full permissions to /db-data and everything inside it.
  • sudo chmod -R g-w /db-data/archived-data/* removes app-data's write permissions for everything inside /db-data/archived-data.
  • Finally, sudo find /db-data/archived-data -type d -exec 'chmod' 'g+rwx' '{}' ';' restores app-data's write permissions for every directory in /db-data/archived-data (but not the files inside those directories), which is necessary to let app-data create and delete any files or directories inside /db-data/archived-data.

Now anyone in app-data will be able to read, execute, create, and delete files or directories in /db-data/archived-data (including sub-directories deeper than 1 level; i.e. app-data will be able to create and delete files in /db-data/archived-data/a/b/). If you don't want app-data to have read and/or execute permissions either, change the g-w in sudo chmod -R g-w /db-data/archived-data/* to g-rw for no read permissions, g-wx for no execute permissions, or g-rwx for no permissions at all (if you do this after running the find command, you will have to re-run it).

Finally, note that if a user in app-data creates a file or directory, he/she will be able to modify the file/directory that he/she created (but existing files will still be unmodifiable).
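The same layout as an added, runnable example (this is not code from the answer above): it uses find instead of the shell glob so that dotfiles directly under the archive directory are not skipped, takes the paths and the group name as parameters, and includes a small helper that prints a path's group permission bits so the outcome can be checked. The group argument is optional and is left out in the demo so the script runs without root; the sample tree it builds under a temporary directory is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer: the "create/delete but not modify"
# layout built with find rather than a shell glob, plus a helper that reports
# group permission bits. Paths and the group name are parameters (assumptions).
set -eu

# apply_layout ROOT ARCHIVE [GROUP]
#   ROOT    - tree the group gets full rights on (/db-data in the question)
#   ARCHIVE - subtree whose existing files become read-only for the group
#   GROUP   - group to own the tree; omitted in the demo so it runs unprivileged
apply_layout() {
  root=$1
  archive=$2
  group=${3:-}
  if [ -n "$group" ]; then
    chgrp -R "$group" "$root"
  fi
  chmod -R g+rwx "$root"
  # Every existing file under ARCHIVE loses group write, dotfiles included.
  find "$archive" -type f -exec chmod g-w {} +
  # Directories keep g+rwx: write+execute on a directory is what permits
  # creating and unlinking entries in it, independent of the entries' own modes.
  find "$archive" -type d -exec chmod g+rwx {} +
}

# group_perms PATH -> echoes the group triplet of PATH's mode, e.g. "r-x" or "rwx"
group_perms() {
  ls -ld "$1" | cut -c5-7
}

# demo: build a constructed tree in a temp dir, apply the layout, show the result
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/db-data/archived-data/a/b"
  echo "old record" > "$tmp/db-data/archived-data/a/b/report.txt"
  echo "hidden"     > "$tmp/db-data/archived-data/.index"
  echo "live"       > "$tmp/db-data/current.txt"
  apply_layout "$tmp/db-data" "$tmp/db-data/archived-data"
  for p in db-data/current.txt db-data/archived-data db-data/archived-data/.index \
           db-data/archived-data/a/b db-data/archived-data/a/b/report.txt; do
    printf '%-45s group=%s\n' "$p" "$(group_perms "$tmp/$p")"
  done
  rm -rf "$tmp"
}

demo
```

Two things to keep in mind when relying on this: the read-only bit protects the existing inode, not the path, so a group member who may unlink report.txt may also create a fresh report.txt in its place, which is indistinguishable from an edit to anyone reading the path later; and chmod -R g+rwx marks regular files executable for the group as well, so restrict that step to directories (find ROOT -type d -exec chmod g+rwx {} +) if executable archive files are unwanted.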


Author: Program man

Updated on September 18, 2022

Comments

  • Program man, over 1 year ago:

    I have created a group named "app-data" and a folder /db-data/archived-data/.

    I want members of app-data to have all rights on the /db-data/ folder, but I want the same group's users to have only create and delete access on the /db-data/archived-data/ folder (users should not be able to modify any files or directories in it, but they should be able to create or delete any files or folders they want).

    How can we do it? I think this is possible through ACL, but please feel free to let me know how we can achieve this. Using any method I am fine, but I want this configuration.

    Please help.

  • Program man, almost 8 years ago:
    Users should not be able to create files or folders in the /db-data folder. Will the above thing change that?
  • insert_name_here, almost 8 years ago:
    @Rishee Ah, I thought you meant you wanted app-data to have full rights (including creation and deletion) to everything in /db-data except for /db-data/archived-data. I will edit my answer shortly with a solution for this.
  • Program man, almost 8 years ago:
    I'll appreciate it if you can edit the answer to fit the requirements.