How to give permissions to read write but not delete the file?

I want to give users the ability to create, write and read files in another user's directory, but not to have the option to delete the file after it is created (sticky bit is not going to work here ...). For example:

I have user: manager, with directory repository  
I have user: worker1, that needs to write files to /manager/repository, can't delete the files  
I have user: worker2, that needs to write files to /manager/repository, can't delete the files  
I have user: worker3, that needs to write files to /manager/repository, can't delete the files

But worker 1-2-3 can't delete the files after they are created; only manager and root can delete the files worker 1 2 3 created.

I tried a few chown and chmod tricks with sticky bit 1 without success.

The sticky bit should be applied to the directory. Can you show us the output from ls -ld /path/to/directory

I hope that this helps,
Robin

drwxrwxr-t 2 manager users 4096 Sep  7 11:30 directory

Whether they can create or delete files is controlled by the write bits on the directory. If they can write to the directory, they can create and delete files in it. This is unrelated to the write bits on the files, which control who can alter the files.

The sticky bit changes this behavior. You can see this happening inside /tmp, inside which anyone can create files, but where only a file's owner (or root) can delete them.

This is not quite what you asked for, but close.

NFSv4 ACLs can do the job, but that depends on whether your OS supports them.
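The directory write-bit and sticky-bit rule described in this thread, modelled in Python and applied to the `ls -ld` line posted above. This is an added example, not code from any poster; it assumes worker1 to worker3 are members of group `users`, matches root by name, and ignores ACLs and capabilities.

```python
# Model of the POSIX/Linux rule for creating and deleting directory entries.
# Simplified: root is matched by name; ACLs and capabilities are ignored.
from dataclasses import dataclass

@dataclass(frozen=True)
class Directory:
    mode: str   # mode string as printed by ls -ld, e.g. "drwxrwxr-t"
    owner: str
    group: str

def class_bits(d, user, groups):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if user == d.owner:
        return d.mode[1:4]
    if d.group in groups:
        return d.mode[4:7]
    return d.mode[7:10]

def can_modify_entries(d, user, groups):
    """Creating or removing a name needs write and search on the directory."""
    if user == "root":
        return True
    bits = class_bits(d, user, groups)
    return bits[1] == "w" and bits[2] in ("x", "s", "t")

def can_delete(d, user, groups, file_owner):
    """With the sticky bit (t/T), only the file owner or directory owner may delete."""
    if user == "root":
        return True
    if not can_modify_entries(d, user, groups):
        return False
    if d.mode[9] in ("t", "T"):
        return user in (file_owner, d.owner)
    return True

# The listing posted in this thread; group membership of the workers is assumed.
REPO = Directory("drwxrwxr-t", "manager", "users")
WORKER_GROUPS = {"users"}

if __name__ == "__main__":
    for user, owner in [("worker1", "worker2"), ("worker1", "worker1"),
                        ("manager", "worker1"), ("root", "worker1")]:
        groups = WORKER_GROUPS if user != "root" else set()
        print(f"{user} deletes file owned by {owner}:",
              can_delete(REPO, user, groups, owner))
```

The second line of output is the remaining gap: with the sticky bit set, a worker can still delete files it created itself.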