How to create a directory, where users can delete only their own files, but one user can delete anyone's files?
4 votes, 1 answer, 541 views
Consider the following setup:
# two users in group sales
useradd edwin
useradd santos
groupadd sales
usermod -aG sales edwin
usermod -aG sales santos
# two users in group account
useradd serene
useradd alex
groupadd account
usermod -aG account serene
usermod -aG account alex
# every group has its own directory with full access
mkdir -p ./groups/sales ./groups/account
cd ./groups
chown :account ./account
chown :sales ./sales
chmod g+rwx ./account ./sales
The task states:
> Users have permissions to delete only their own files, but alex is the general manager, so user alex has access to delete all users' files.
Now users should be able to only delete their own files, so I do:
chmod +t /groups/account /groups/sales
But now I have a problem. Alex is admin, and should be able to delete _anyone's_(!) files. So I do for example:
setfacl -m u:alex:rwx /groups/sales /groups/account
But this does not help:
[root@localhost groups]# getfacl sales/
# file: sales/
# owner: root
# group: sales
# flags: --t
user::rwx
user:alex:rwx
group::rwx
mask::rwx
other::r-x
[root@localhost groups]# sudo -u edwin touch sales/file
[root@localhost groups]# sudo -u alex rm -f sales/file
rm: cannot remove 'sales/file': Operation not permitted
Is it possible to apply the sticky flag to all except one user?
Asked by KamilCuk
(970 rep)
Mar 11, 2022, 08:49 AM
Last activity: Mar 11, 2022, 09:32 AM
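The failed `rm` above is the sticky-bit rule doing exactly what it is designed to do, and the `getfacl` output shows why the ACL cannot change it: the ACL only grants `alex` write and search permission on the directory, while the sticky check is a separate, additional test on who owns the entry being removed. The following Python script is an added example, not part of the question or its answer; it models that rule (the Linux kernel's sticky-directory unlink check: the caller must own the file, own the directory, or hold CAP_FOWNER) with constructed uids for the users in the question and also verifies the sticky bit on a real temporary directory. The uid values and the function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed uids for the users in the question (assumption: any distinct
# non-zero values work; root is 0 and owns ./groups/sales and ./groups/account).
UID_ROOT, UID_EDWIN, UID_SANTOS, UID_SERENE, UID_ALEX = 0, 1001, 1002, 1003, 1004


def dir_is_sticky(path):
    """Return True if the directory at `path` has the sticky bit (the 't' in
    the 'flags: --t' line of getfacl) set in its mode."""
    return bool(os.stat(path).st_mode & stat.S_ISVTX)


def may_unlink(caller_uid, dir_owner_uid, sticky, file_owner_uid,
               has_dir_write_exec, cap_fowner=False):
    """Model of Linux unlink()/rmdir() permission inside a directory.

    Step 1: the caller needs write + search (wx) on the directory. This is
            what 'chmod g+rwx' or an ACL entry such as 'user:alex:rwx' grants.
    Step 2: if the directory is sticky, the caller must additionally be the
            owner of the entry, the owner of the directory, or hold the
            CAP_FOWNER capability. Directory ACLs never satisfy step 2.
    """
    if not has_dir_write_exec:
        return False
    if not sticky:
        return True
    return (caller_uid == file_owner_uid
            or caller_uid == dir_owner_uid
            or cap_fowner)


def question_scenario():
    """Reproduce the outcomes shown in the question after 'chmod +t' and the
    ACL for alex: edwin creates sales/file, alex tries to remove it."""
    sticky = True
    dir_owner = UID_ROOT          # '# owner: root' in the getfacl output
    file_owner = UID_EDWIN        # 'sudo -u edwin touch sales/file'
    return {
        # edwin removing his own file: allowed
        "edwin_rm_own": may_unlink(UID_EDWIN, dir_owner, sticky, file_owner, True),
        # alex, with rwx via ACL, removing edwin's file: 'Operation not permitted'
        "alex_rm_edwin": may_unlink(UID_ALEX, dir_owner, sticky, file_owner, True),
        # santos, same group, removing edwin's file: also refused
        "santos_rm_edwin": may_unlink(UID_SANTOS, dir_owner, sticky, file_owner, True),
        # root removing edwin's file: allowed (owns the directory)
        "root_rm_edwin": may_unlink(UID_ROOT, dir_owner, sticky, file_owner, True),
        # the same alex attempt with the sticky bit cleared: allowed, but then
        # every group member can delete anyone's file, which breaks the task
        "alex_rm_edwin_no_sticky": may_unlink(UID_ALEX, dir_owner, False, file_owner, True),
    }


def sticky_demo():
    """Set the sticky bit on a fresh temporary directory (no root needed for a
    directory you own) and report the flag before and after."""
    with tempfile.TemporaryDirectory() as d:
        before = dir_is_sticky(d)
        os.chmod(d, os.stat(d).st_mode | stat.S_ISVTX)
        after = dir_is_sticky(d)
        return before, after


if __name__ == "__main__":
    for name, allowed in question_scenario().items():
        print(f"{name:26s} -> {'allowed' if allowed else 'Operation not permitted'}")
    print("sticky bit before/after chmod on temp dir:", sticky_demo())
```

The model makes the practical point explicit: with the sticky bit set, the only principals that can remove another user's entry are the directory owner and a process holding CAP_FOWNER, so `user:alex:rwx` in the ACL is necessary (it supplies step 1) but can never be sufficient on its own.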