I would like to give a user permissions to create and read files in a particular directory, but not to modify or delete files. If the user can append to files that is ok, but I'd rather not. This is on Ubuntu Linux.
I think this is impossible with standard Unix file permissions, but perhaps this is possible using ACLs? The user will always be connecting using SFTP, so if there was some way to control this within SFTP (as opposed to OS permissions) that would be fine.
To be absolutely clear, I want the following:
- echo hello > test # succeeds, because test doesn't exist, and creation is allowed
- echo hello >> test # can succeed or fail, depending on whether appending is allowed
- echo hello2 > test # fails, because test already exists, and modification is not allowed
- cat test # succeeds, because reads are allowed
- rm test # fails, because delete is not allowed
If you're wondering why I want to do this, it's to make a Duplicati backup system resistant to Ransomware.
Best Answer
You could use `bindfs` like:

That directory is owned by stephane, with group stephane (stephane being its only member). Also note the `t` that prevents users from renaming or removing entries that they don't own.

We `bindfs` `dir` over itself with fixed ownership and permissions for files and directories. All files appear owned by `root` (though underneath in the real directory they're still owned by stephane). Directories get `drwxrwxr-x root stephane` permissions while other types of files get `-rw-r--r-- root stephane` ones.

Now creating a file works because the directory is writeable:

However it's not possible to do a second write `open()` on that file as we don't have permission on it:

(note that appending is not allowed there (as not part of your initial requirements)).

A limitation: while you can't remove or rename entries in `dir` because of the `t` bit, new directories that you create in there won't have that `t` bit, so you'll be able to rename or delete entries there.
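As an added example (not part of the question or the answer above): a small POSIX shell script that probes a directory for exactly the behaviour the question enumerates, so a `bindfs` mount, an ACL setup or an SFTP restriction can be verified before backups are trusted to it. It also probes rename, which the answer mentions, beyond the question's own list. The `check_write_once_dir` and `probe` functions and the probe file name are my own; the script assumes the mount is already in place and that it runs as the restricted user, and it does not perform the mount itself.

```shell
#!/bin/sh
# write-once-probe: verify that a directory lets the current user create and
# read files but not overwrite, rename or delete them (the behaviour asked for
# above). Example script, not from the original thread. It assumes the mount
# (bindfs, ACLs or an SFTP restriction) is already in place and that it runs
# as the restricted user; it only observes what the directory allows.

probe_name="write-once-probe.$$"   # constructed file name, unique per run

# Each operation runs in a subshell so a failed redirection only fails the
# probe, never the script. set -C (noclobber) makes the create step refuse
# to touch an existing file, so it only ever tests "new file" creation.
create_file()    { ( set -C; echo hello > "$1" ); }
read_file()      { ( cat "$1" > /dev/null ); }
overwrite_file() { ( echo hello2 > "$1" ); }     # O_TRUNC on an existing file
append_file()    { ( echo hello >> "$1" ); }     # O_APPEND, optional in the question
rename_file()    { ( mv -- "$1" "$2" ); }
delete_file()    { ( rm -f -- "$1" ); }          # -f avoids a prompt, still reports EPERM

# probe LABEL EXPECTED COMMAND...: run COMMAND, compare its outcome ("ok" or
# "fail") with EXPECTED, print one result line, return 0 on a match.
probe() {
    label=$1; expected=$2; shift 2
    if "$@" 2>/dev/null; then observed=ok; else observed=fail; fi
    if [ "$observed" = "$expected" ]; then
        echo "PASS  $label: $observed"
        return 0
    fi
    echo "FAIL  $label: expected $expected, got $observed"
    return 1
}

# check_write_once_dir DIR: run the full probe sequence against DIR and return
# the number of violated expectations (0 means the directory behaves as required).
check_write_once_dir() {
    dir=$1
    f="$dir/$probe_name"
    failures=0
    probe "create a new file"        ok   create_file "$f"              || failures=$((failures + 1))
    probe "read it back"             ok   read_file "$f"                || failures=$((failures + 1))
    probe "overwrite existing file"  fail overwrite_file "$f"           || failures=$((failures + 1))
    # Appending may succeed or fail per the question, so only report it.
    if append_file "$f" 2>/dev/null; then echo "INFO  append: allowed"; else echo "INFO  append: refused"; fi
    probe "rename existing file"     fail rename_file "$f" "$f.renamed" || failures=$((failures + 1))
    # Delete goes last: if it unexpectedly succeeds, nothing later depends on the file.
    probe "delete existing file"     fail delete_file "$f"              || failures=$((failures + 1))
    # Best-effort cleanup; on a compliant directory this is refused, which is the point.
    rm -f -- "$f" "$f.renamed" 2>/dev/null
    echo "$failures violation(s) in $dir"
    return "$failures"
}

# Usage: ./write-once-probe.sh /path/to/mounted/dir
if [ $# -gt 0 ]; then
    check_write_once_dir "$1"
fi
```

Run it as the restricted user against the mounted directory. A compliant directory reports zero violations and leaves the probe file behind, since the user cannot delete it, which is exactly the required behaviour; an ordinary writable directory reports three (overwrite, rename, delete). The script probes the filesystem layer, so a restriction enforced only inside an SFTP server would have to be checked through an SFTP session instead.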