I have a Unix File System in which I would like to emulate a OS X like Home folder where I have a 'Public' subfolder that is writeable for all but where no Files can be deleted.
I installed ACL on the system and modified the /etc/fstab to mount it with acl rights.
When I now look at the permissions on OS X home folder with ls -le
0 drwxr-xr-x+ 5 cb0 staff 170 17 Nov 23:46 Public
0: group:everyone deny delete
My first question is if there is an equal command on Linux to get this list because the -e
option does not exist on Linux Systems.
The next problem is the option group:everyone deny delete
, I think this tells ACL on OS X that only the users of the group can delete files in there.
How can I achieve this on a Linux machine ? I cannot add additional information to setfacl
, or is there any other command to achieve this ?
Thanks indeed
The corresponding linux commands are :
Now, I don't know OSx all that well, but when I read those ACLs I see something different. To me, "group: everyone deny delete" would be a rule that states that members of the "everyone" group are denied the ability to delete files.
On linux, however, there is no such thing as "deny delete". The ability to delete is granted by the ability to write. Therefore, if you want to deny delete you also have to deny write which may not be exactly what you're looking for. Then again, you have to figure that it makes sense ... If I can write to a file, technically there is nothing preventing me from zeroing out the file's contents.
But with such a broad rule that seems to act as a catch all you don't really need ACLs at all. Just set the "other" permissions to r-- ( 0600 ) and users that are neither the owner, nor part of the owning group will be unable to write or execute the file. In your example that would mean anyone that is neither the user cb0 nor part of the group staff.
That being said, if you are interested in more indept information on ACLs and their respective commands, I would suggest you take a moment to carefully read through the POSIX Access Controls document : http://www.suse.de/~agruen/acl/linux-acls/online/
You probably need to set the sticky bit on "others" on the dir.
E.g. chmod o+t
This allows the owner of a file to delete it, but no-one else (except of course privileged users).
As far as I know on a unix file system its nit possible to prevent a file's owner deleting it (without changing the containing dirs perms after the file was created).
delerious010: FYI OSX has additional ACLs grafted into its file system permisiiong model not available on most unix file systems.