file/folder permissions: permit rename but not delete

Hi all!

I'm a newbie to FreeBSD, and I'm trying to set up a Samba server. The problem is not strictly connected to Samba, but is a general one with the permissions of files/directories in FreeBSD. In short, I need some folders where some users (all the ones that belong to the folder's group) can list, execute, copy/create, and rename all the files, but only the owner of a file can delete it.

For example, I have user1 and user2, both in the group test, and I have the folder images. I want both users to be able to open and list the folder, both to be able to copy files into the folder, and both to be able to rename all the files in the folder (because both are in the group test), BUT only the owner of the files can delete his files.

That's why I would like someone to be able to change the names of the pictures even if they aren't his files, but only the owner of the images (the one who copied the files into the directory) could delete them.

If I set the permissions to the folder with the sticky bit, only the owner of the file can delete it, but also only the owner can rename it!
If I set the permissions on the folder like rwxrwx---, everyone in the group can rename the files, but also everyone can delete them...

Don't know if there is a solution or if it's not possible...

Thanks in advance.
 
As an outside observer, how would I know if a file in a directory had simply been renamed, or if that file had just been deleted and other apparently unrelated file(s) had been added to the directory? That's why the sticky bit works the way it does. If "user1" put "file1" out there, "user1" would most likely expect to be able to go back to that folder in the future and find "file1" still there. If "user2" decided that it should be called "fileX" for whatever reason, he/she is permitted to make a copy of "fileX" and name it however they would like (at the expense of wasted space), or they have the option of explaining to "user1" why "fileX" is not the right name and get them to rename it.
 
Thanks @ljboiler for the reply. In fact, in my naivety I didn't think that my question could introduce a small lack of security, because if user2 renames a file owned by user1 and then creates a file with the original name of the first, user1 could open/execute that file thinking that it's the one he put there, and not another one (even if the owner name of the file would be user2, and so user1 could notice that this file is not his file).

Anyway, in my case I'm not worried about that because "I trust" the users that belong to the group and I know that they will not do something similar, and also the risks are lower compared to the benefits for me.
For example, I copy 1000 pictures that will be renamed by other guys without them telling me "hey, it's better if you rename pic001 to sunset at the lake", or without them making a copy of the picture, renaming it with the correct name and then telling me "hey, delete pic001 because I made a copy of it with the correct name".

So if there is a way to allow the rename but not the delete for a file, for me it's ok. If there is not, I will use the sticky bit and I will suffer all the "hey, please rename ..." :)

Thanks
 
Please remember that renaming a file can delete other files by overwriting them:
Code:
% cd /tmp
% echo "this is the first file" > file1
% echo "this is the second file" > file2
% mv file2 file1
% cat file1
this is the second file
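
The overwrite shown in the session above can be avoided by creating the new name with a hard link, which fails if the destination already exists. This is an added example, not part of any post in the thread; the function name `rename_noclobber` and the demo files are constructed for illustration, and it assumes regular files on one filesystem.

```shell
#!/bin/sh
# Rename a regular file without ever replacing an existing destination.
# link(2) fails with EEXIST when the new name exists, so the existence
# check and the creation of the new name happen in one atomic step.
# Removing the old name is still subject to the directory's normal
# write-permission and sticky-bit rules.
rename_noclobber() {
    src=$1
    dst=$2
    [ -f "$src" ] || return 2          # only regular files can be hard-linked
    [ -d "$dst" ] && return 1          # never link *into* an existing directory
    ln -- "$src" "$dst" 2>/dev/null || return 1   # refuses if dst exists
    rm -f -- "$src"                    # new name is in place, drop the old one
}

# Constructed demo mirroring the file1/file2 session from the thread.
demo() {
    dir=$(mktemp -d) || return 1
    echo "this is the first file"  > "$dir/file1"
    echo "this is the second file" > "$dir/file2"

    if rename_noclobber "$dir/file2" "$dir/file1"; then
        echo "unexpected: file1 was replaced"
    else
        echo "refused, file1 still contains: $(cat "$dir/file1")"
    fi

    # A free destination name works like a normal rename.
    if rename_noclobber "$dir/file2" "$dir/file3"; then
        echo "file2 renamed to file3: $(cat "$dir/file3")"
    fi
    rm -rf "$dir"
}

demo
```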
 