immutable flag or similar for Solaris 10 / ZFS

Hi

We have two dirs where a customer needs full access. I wish to avoid technically that the customer can't delete those two dirs.

In the Linux world, you have immutable flags (ACL) for this. How to do the same with Solaris 10 and ZFS?

ZFS implements the immutable flag. Here is how to use it:

# mkdir /pool/im   
# ls -d/ v /pool/im
drwxr-xr-x   2 root     root           2 nov. 10 16:07 /pool23g/ro/im
        {archive,nohidden,noreadonly,nosystem,noappendonly,nonodump,noimmutable,av_modified,noav_quarantined,nonounlink}
# chmod S+ci /pool/im
# ls -d/ v /pool23g/ro/im
drwxr-xr-x   2 root     root           2 nov. 10 16:07 /pool/im
        {archive,nohidden,noreadonly,nosystem,noappendonly,nonodump,immutable,av_modified,noav_quarantined,nonounlink}
# id
uid=0(root) gid=0(root)
# rmdir /pool/im
rmdir: /pool/im: cannot remove [Not owner]
# chmod S-ci /pool/im
# rmdir /pool/im

However, I believe this only works with SunOS 5.11 based OSes, not Solaris 10. I have no idea whether this will be backported.
An alternative would be a dtrace script that will monitor any attempt to remove that specific directory and make it fail.

Hi jlliagre

Thanks, but this (as you said already) is only Solaris 11. How is the solution with the dtrace script? Do you have an example?

That script should immediately revive any directory named "immutable" that happens to be removed.

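#!/usr/sbin/dtrace -ws
/* Remember the parent directory when an entry named "immutable" is removed. */
fbt::fop_rmdir:entry
/stringof(args[1]) == "immutable"/
{
  self->path = args[0]->v_path;
}
/* On return, recreate the directory; system() is destructive, hence -w. */
fbt::fop_rmdir:return
/self->path/
{
  system("mkdir %s/immutable;chmod 04777 %s/immutable", stringof(self->path), stringof(self->path));
  self->path = 0;  /* release the thread-local variable */
}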

If the user(s) can't write to the parent directory, they won't be able to remove or rename the directory.

Just like you can't (normally) remove or rename your own home directory.
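
The parent-directory rule from the reply above, as an added example that is not part of the original thread: a check of whether a given uid may remove or rename an entry, judged from the parent's mode bits. It assumes plain mode bits only (ACL entries are not evaluated); the uid/gid numbers and the `St` samples are constructed.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result, used for the constructed samples below.
St = namedtuple("St", "st_mode st_uid st_gid")

def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_remove_or_rename(parent, entry, uid, gids):
    """True if uid may rmdir/rename `entry` inside `parent` (mode bits only, no ACLs)."""
    if uid == 0:
        return True                      # root is not restricted by mode bits
    if class_bits(parent, uid, gids) & 3 != 3:
        return False                     # needs write (2) and search (1) on the parent
    if parent.st_mode & stat.S_ISVTX:    # sticky parent, e.g. /tmp
        return (uid in (parent.st_uid, entry.st_uid)
                or bool(class_bits(entry, uid, gids) & 2))  # Solaris: entry writable
    return True

def audit(parent_path, names, uid, gids):
    """Check real directories: map each name under parent_path to the verdict."""
    parent = os.stat(parent_path)
    return {n: can_remove_or_rename(parent, os.stat(os.path.join(parent_path, n)), uid, gids)
            for n in names}

# Constructed sample: customer uid 1001 / gid 100 owns both directories (mode 0770).
CUSTOMER_DIR = St(stat.S_IFDIR | 0o770, 1001, 100)
ROOT_PARENT = St(stat.S_IFDIR | 0o755, 0, 0)      # root-owned, not writable by others
OPEN_PARENT = St(stat.S_IFDIR | 0o777, 0, 0)      # world-writable: offers no protection
STICKY_PARENT = St(stat.S_IFDIR | 0o1777, 0, 0)   # sticky, but the customer owns the entry

if __name__ == "__main__":
    for label, p in [("root 0755", ROOT_PARENT), ("0777", OPEN_PARENT), ("1777", STICKY_PARENT)]:
        print(label, can_remove_or_rename(p, CUSTOMER_DIR, 1001, [100]))
```

Only the root-owned 0755 parent keeps the customer from removing or renaming the directories; the customer's full access inside them is unaffected.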
