Permissions – Prevent Deletion of Certain Files in User-Owned Directory


Let's say a user has Directory1 and it contains File1, File2 and CantBeDeletedFile.
How can I make it so that the user would never be allowed to delete CantBeDeletedFile?

If I change the ownership of Directory1 and remove write permissions, users wouldn't be able to delete any file. They also wouldn't be able to add new files etc.

I just want to be able to set some files which would never be deleted.

More specific description.

I am creating user profiles. I am creating application launcher files on their Desktop. So I want to set up some launcher files (.desktop) so that the user can only launch them and can neither rename nor delete them, just launch.

Currently, if the user owns the directory which contains a file, he can delete it.

If there is no generic way for all *nix, it's Linux with an ext4 FS.

Best Answer

(I dislike intruding on users' homes, I think they should be allowed to do whatever they want to do with their homes… but anyway…)

This should work on Linux (at least). I'm assuming user is already a member of the group user. A solution is to change ownership of Directory1 and set the sticky bit on the directory:

chown root:user Directory1
chmod 1775 Directory1

Then use:

chown root Directory1/CantBeDeletedFile

Now, user won't be able to remove this file due to the sticky bit¹. The user is still able to add/remove their own files in Directory1. But notice that they won't be able to delete Directory1 because it will never be emptied.


1. When the sticky bit is enabled on a directory, users (other than the owner) can only remove their own files inside a directory. This is used on directories like /tmp whose permissions are 1777=rwxrwxrwt.
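
The sticky-bit rule described in the answer can be checked after setup with a small audit script. This is an added example, not part of the original answer; the function names `may_unlink` and `audit` are hypothetical, and it assumes classic mode bits only (no ACLs, no file attributes) and that uid 0 keeps its usual privileges. Renaming an entry is subject to the same directory rule as removing it.

```python
import os
import stat

def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Could a process with this uid/gids remove the entry? Mode bits only."""
    if uid == 0:                      # assumption: root keeps its usual privileges
        return True
    # Pick the permission class that applies to this user on the directory.
    if uid == dir_uid:
        perms = dir_mode >> 6
    elif dir_gid in gids:
        perms = dir_mode >> 3
    else:
        perms = dir_mode
    if perms & 0o3 != 0o3:            # need write (2) and search (1) on the directory
        return False
    if dir_mode & stat.S_ISVTX:       # sticky: only the file owner or directory owner
        return uid in (file_uid, dir_uid)
    return True

def audit(directory, uid, gids):
    """Map each entry name in `directory` to whether uid/gids could remove it."""
    d = os.stat(directory)
    result = {}
    for name in sorted(os.listdir(directory)):
        f = os.lstat(os.path.join(directory, name))
        result[name] = may_unlink(d.st_mode, d.st_uid, d.st_gid,
                                  f.st_uid, uid, gids)
    return result

if __name__ == "__main__":
    import sys
    # Usage: audit.py DIRECTORY UID GID[,GID...]
    directory, uid = sys.argv[1], int(sys.argv[2])
    gids = {int(g) for g in sys.argv[3].split(",")}
    for name, removable in audit(directory, uid, gids).items():
        print(("REMOVABLE " if removable else "protected ") + name)
```

Run against Directory1 with the user's uid and group ids, it should report CantBeDeletedFile as protected and the user's own files as removable.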
