topic Re: change mode in Operating System - HP-UX

change mode

Cheung_2 — Tue, 07 Jan 2003 07:50:22 GMT

I would like to change the mode as all users can write something to this file , but only root can delete this file , what is the approiprate mode in this case? Thx.

Re: change mode

U.SivaKumar_2 — Tue, 07 Jan 2003 07:56:32 GMT

Hi,

Once write bit is set on the file for all the users , anybody can also delete/overwrite that file. SO your requirement is not possible.

regards,
U.SivaKumar

Re: change mode

sycncs — Tue, 07 Jan 2003 07:56:45 GMT

Hi there

I am not sure if I understand your question correctly.

If you DO NOT want others to write to this file, do "chmod 755 ".

If you WANT all users to write to this file, do "chmod 777 "

Then after that, login as root, do "chmod root:sys . This will ensure only root can delete this file.

Hope this helps.

Re: change mode

S.K. Chan — Tue, 07 Jan 2003 08:06:26 GMT

You can control this from the permission/ownership of the directory where the file is located. For example ..
# cd /tmp
# mkdir dirA
# chmod 750 dirA
# chown root:users dirA
# cd /tmp/dirA
# touch fileA
# chmod 777 fileA
Now as normal user (assuming group ownership is "users"), fileA can be modified by anyone but cannot be deleted by anyone except root. Ignore if this is not what you're looking for.

Re: change mode

Cheung_2 — Tue, 07 Jan 2003 08:26:23 GMT

I have test it - use root to create a file ( touch file ) , change it to 666 ( chmod 666 file ) , change the owner as root (chown root:sys file ) then everyone can modify and delete , how can I prevent users can delete it? Thx.

Re: change mode

T G Manikandan — Tue, 07 Jan 2003 09:06:55 GMT

The case you can do here is the sticky bit.

setting sticky bit on a file will provide a way where only the owner or the super user can delete the file.

Create a file /tmp/a as root user and set sticky bit for the file with 777 permissions.

That should be fine.

chmod 1777
Also make sure the owner is root

Re: change mode

U.SivaKumar_2 — Tue, 07 Jan 2003 09:55:58 GMT

Hi Manikandan,

sticky bit wont work for regular files

regards,
U.SivaKumar

Re: change mode

T G Manikandan — Tue, 07 Jan 2003 10:08:38 GMT

Yes Siva Just did not think more...

It works only for dir.
Then you should think of ACL's.

Re: change mode

Bill Hassell — Tue, 07 Jan 2003 13:45:24 GMT

Very important Unix concept: the ability to write to a file (including deleting the contents) is controlled by the FILE's permission. But the ability to delete, move or rename a file has absolutely nothing to do with the FILE's permissions. Put it another way: the existence of a file completely depends on the permissions of the directory, not the file!

For example, create a directory owned by root with 755 permissions. Then touch a file inside the directory and give it 666 permissions. Now as an ordinary user, you can do anything to the file EXCEPT remove it! The directory permissions control the existence, while the file permissions control the contents. Set the directory ownership to the user that can actually remove the file and you've protected the file(s).

As mentioned the sticky bit may be set on a globally writable directory such as /tmp (normally 777 permission, set sticky with 1777 permissions) and this will disable the ability of everyone except the owner of the file from removing the file. Now the file can be 666 permissions and the contents changed by anyone but not removed (or renamed) except by the owner. This is commonly done for /tmp and /var/tmp