I have multiple users on my system. I'd like to have shared directories like music, video, pictures etc. The problem is that I want users to be able to write any new files to any directory, but not be able to delete or modify any files they don't own. With standard Unix perms, if you can add a file to a directory you can also delete other users' files. I'd also like to make sure all the files in these directories are always readable by the user group.
Can I do this with POSIX ACLs, or do I need something more advanced like SELinux (or another security framework)?
Example of what I don't want to work:
su - root
mkdir /home/music
chmod 775 /home/music          # group-writable: any member of "users" can create files
chgrp users /home/music
su - user1
cd /home/music
touch /home/music/testfile     # file is owned by user1
ls -l /home/music/testfile
su - user2
rm /home/music/testfile        # succeeds: user2 can delete user1's file
ls -l /home/music
Best Answer
If I understand you correctly you want for your music/video etc. directories the same semantic as for /tmp.
For this, you could put the sticky bit on the directories. To quote from the chmod man-page:
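As an added example (not part of the original question or answer), the following POSIX shell helper sets up a shared directory with the /tmp-style semantics discussed here: the sticky bit so only a file's owner (or root) can delete or rename it, the setgid bit so new files inherit the shared group, and a default ACL so new files are group-readable regardless of the creator's umask. The function names, the directory path and the group name are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. setup_shared_dir and
# check_shared_dir are hypothetical helper names; the directory and group
# passed to them are placeholders.

# Create a shared directory where group members can add files, only a file's
# owner (or root) can delete/rename it (sticky bit), new files inherit the
# shared group (setgid bit) and a default ACL makes them group-readable.
# Needs root (or ownership of the directory and membership in the group).
setup_shared_dir() {
    dir=$1
    group=$2
    mkdir -p "$dir"
    chgrp "$group" "$dir"
    # 3775 = setgid (2000) + sticky (1000) + rwxrwxr-x (775).
    chmod 3775 "$dir"
    # Default ACL: entries of a new file come from the default ACL and the
    # requested mode; the creator's umask is not applied (see acl(5)), so a
    # user with umask 077 still produces group-readable files in here.
    # Skipped when setfacl is absent or the filesystem has no ACL support.
    if command -v setfacl >/dev/null 2>&1; then
        setfacl -d -m "g:$group:rX" "$dir" 2>/dev/null \
            || echo "warning: default ACL not applied (ACLs unsupported?)" >&2
    fi
}

# Return 0 if the directory's mode string shows both the setgid bit
# ('s'/'S' in the group execute slot) and the sticky bit ('t'/'T' in the
# other execute slot); this is the check that protects other users' files.
check_shared_dir() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d?????[sS]??[tT]) return 0 ;;
        *) echo "not hardened: $mode" >&2; return 1 ;;
    esac
}

# Example run (constructed, unprivileged): a scratch directory owned by the
# current user and their primary group, so the special bits can be set.
if [ "${SHARED_DIR_EXAMPLE_SKIP:-0}" = 0 ]; then
    scratch=$(mktemp -d)
    setup_shared_dir "$scratch/music" "$(id -gn)"
    check_shared_dir "$scratch/music" && echo "$scratch/music is hardened"
    ls -ld "$scratch/music"
fi
```

With the directory set up this way, the session from the question changes only in its last step: user2's rm fails with "Operation not permitted" because the sticky bit restricts unlink and rename to the file's owner, the directory's owner and root. The setgid bit and the default ACL cover the second requirement (group readability) rather than the deletion one, so both halves are needed.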