I have created a group name "app-data" and a folder /db-data/archived-data/
I want members of app-data to have all rights on /db-data/ folder but I want the same group users have only create and delete access on /db-data/archived-data/ folder (users should not be able to modify any files or directories in it. but they should be able to create or delete any files or folders they want.
How can we do it. I think this is possible through ACL but please feel free to let me know how can we achive this? using any method I am fine but I want this configuration.
please help.
This is definitely possible. First, change
/db-data's group toapp-data:Now set up the permissions:
sudo chmod -R g+rwx /db-datagivesapp-datafull permissions to/db-dataand everything inside itsudo chmod -R g-w /db-data/archived-data/*removesapp-data's write permissions for everything inside/db-data/archived-datasudo find /db-data/archived-data -type d -exec 'chmod' 'g+rwx' '{}' ';'restoresapp-data's write permissions for every directory in/db-data/archived-data(but not the files inside those directories), which is necessary to letapp-datacreate and delete any files or directories inside/db-data/archived-data.Now anyone in
app-datawill be able to read, execute, create, and delete files or directories in/db-data/archived-data(including sub-directories deeper than 1 level; i.e.app-datawill be able to create and delete files in/db-data/archived-data/a/b/). If you don't wantapp-datato have read and/or execute permissions either, change theg-winsudo chmod -R g-w /db-data/archived-data/*tog-rwfor no read permissions,g-wxfor no execute permissions, org-rwxfor no permissions at all (if you do this after running thefindcommand, you will have to re-run it).Finally, note that if a user in
app-datacreates a file or directory, he/she will be able to modify the file/directory that he/she created (but existing files will still be unmodifiable).