在Linux上仅创建文件权限
[英]create only file permission on linux
问题描述
I would like to create a directory under linux (or mount one eg: nfs), where: 
我想在linux下创建一个目录(或挂载一个目录,例如:nfs),其中:
- every user can create files 每个用户都可以创建文件
- but only the root user can modify the created files (overwrite, delete, or move them) 但只有root用户可以修改创建的文件(覆盖,删除或移动它们)
How can this be done, and how secure are these solutions? 如何做到这一点?这些解决方案的安全性如何? (for example: sentinel script, umask, etc.?) (例如:哨兵脚本,umask等?)
Thanks, krisy 谢谢,克里斯蒂
2 个解决方案
解决方案1
0 2013-08-22 10:43:53
If it is also ok that the user that created the file can change them, you can use the sticky bit. 如果创建文件的用户可以更改它们也可以,则可以使用粘滞位。 This is the first digit if you give chmod a 4 digit argument. 如果您给chmod一个4位数的参数,则这是第一位数。
su -
mkdir stickydir
chmod 1775 stickydir
chown user.group stickydir
Now all members of group can write to the dir, but only the user that created a file or root can change the files 现在,组中的所有成员都可以写入目录,但是只有创建文件或root用户才能更改文件
su - user1 #member of group
touch stickydir/stickytest-user1 #ok
su - user2 #member of group
touch stickydir/stickytest-user2 #ok
rm stickydir/stickytest-user1 #permission denied
rm stickydir/stickytest-user2 #ok
解决方案2
0 已采纳 2013-08-22 10:51:35
I would try to change file permissions after creation using inotifywait . 创建inotifywait之后,我将尝试更改文件权限。 This (untested) snippet might help a bit, but is definitely not very elegant. 这个(未经测试的)片段可能会有所帮助,但是绝对不是很优雅。 It sets root as the owner of all created files in /path/to/dir and removes write-permission for group and others. 它将root设置为/ path / to / dir中所有已创建文件的所有者,并删除组和其他文件的写权限。
while true; \
do inotifywait -e create /path/to/dir/ && \
chown root /path/to/dir/* && \
chmod g-wo-w /path/to/dir/*; \
done
Hope that helped a bit *jost 希望能有所帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.