| View previous topic :: View next topic |
| Author |
Message |
vcmota
Guru
Joined: 19 Jun 2017
Posts: 367
|
 Posted: Tue Jan 23, 2024 5:14 pm Post subject: [SOLVED] Protect a folder agains removal |
 |
|
It is a simple question, but since it is a very important folder I thought I should aks before try anything: how to protect a folder solely agains removal by the regular user? Say I have the superuser (root) and a regular user (vcmota), and I want that vcmota has the permission to do everything with a given folder but remove it. The regular user should be able to either write or delete anything inside the folder, but should never be able to delete the folder.
To clarify, this is the motivation: I have my fodler system setup like this
| Code: |
/> tree -d -L 1
.
├── archive
├── bin
├── boot
├── dev
├── etc
├── final
├── home
├── lib
├── lib64
├── lost+found
├── media
├── mnt
├── opt
├── proc
├── root
├── run
├── sbin
├── strict
├── sys
├── tmp
├── usr
└── var
|
Te folder /archive is a partition made in another physical disk that works solely as an eternal backup of the folder /home, which is in a partition inside the "primary" disk. It is feeded through rsync three times a day via cron.
And today I had a big scare: I was cleaning up /archive before a backup to another external disk and by distraction I tiped the command
which was not my intention al all, and almost instantaneously I killed the command with ctrl+c. I still dont know weather I have lost anything of significance. So I get terrified with the possibility of that repeating again in the future.
Thank you all for your attention.
Last edited by vcmota on Thu Jan 25, 2024 8:32 pm; edited 1 time in total |
|
| Back to top |
|
 |
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54340
Location: 56N 3W
|
| Posted: Tue Jan 23, 2024 5:17 pm Post subject: |
|
|
vcmota,
I'm not sure I understand.
You want the user to be able to delete any/every file in /archive but not the then empty folder?
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1693
|
| Posted: Tue Jan 23, 2024 5:25 pm Post subject: |
|
|
The write (w) permission of a directory determines if anything can be created, moved or deleted directly underneath it.
/archive being deleted has to do with the permissions of / (which default to root:root).
The contents of /archive/ are set by the permissions of archive itself (they are not recursive).
If a user can create a file or directory, then they have the permission to delete the same. |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 367
|
| Posted: Tue Jan 23, 2024 7:23 pm Post subject: |
|
|
| NeddySeagoon wrote: | vcmota,
I'm not sure I understand.
You want the user to be able to delete any/every file in /archive but not the then empty folder? |
Thank you NeddySeagoon for your reply.
Yes, that is what I want. The issue is that I was interchanging between the commands "du -h /archive/insidefolder" and "rm -fr /archive/insidefolder", deleting "insidefolder" and checking the size with "du -h /archive". Eventually I got distracted and tried to delete "/archive" instead of checking for its size. |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 21740
|
| Posted: Tue Jan 23, 2024 8:23 pm Post subject: |
|
|
| What is the value of preventing the user from deleting this empty folder? You wrote in your initial post that you killed the errant deletion, and are unsure what you lost. If you value the contents of the folder, then you don't want the user to delete things in it. If you don't value the contents of the folder, then what is the harm of running that rm -rf and letting it finish? |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3373
Location: Rasi, Finland
|
| Posted: Tue Jan 23, 2024 8:58 pm Post subject: |
|
|
If possible, I'd take read-only snapshots from this directory.
And as usual: backups too.
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3154
|
| Posted: Tue Jan 23, 2024 11:00 pm Post subject: |
|
|
| Quote: | | The folder /archive is a partition made in another physical disk that works solely as an eternal backup of the folder /home, which is in a partition inside the "primary" disk. It is feeded through rsync three times a day via cron. |
I don't understand how it's supposed to work, why is it OK to delete your "eternal" backup, or why are you so protective of an empty folder.
It's not like deleting the folder itself will damage that other physical disk, but a backup that forgets old versions as soon as new version is created is not a very good backup. |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 367
|
| Posted: Thu Jan 25, 2024 8:31 pm Post subject: |
|
|
Thank you all for your replies, I learned a lot!
I guess what I wanted is either bad practice or just didn't make any sense. I was just terrified. It probably resort to this: if, before any cleanup, I just remind myself of running a full backup, I should always be safe.
Thank you again! |
|
| Back to top |
|
|
|
Other Things Gentoo
