This is the most common misunderstanding of Unix permissiomns there is. The answer is: YES, you can prevent deletion of a file and still write to it.
Number one rule on permissions: The ability to delete a file has NOTHING (repeat, NOTHING) to do with the file's permissions! The existence of a file (creation OR deletion) is controlled by the directory!
Prove it with this scenario:
# touch /tmp/IamROOT
# chmod 000 /tmp/IamROOT
Now login as a dumb user. You cannot read or write this file even though it is in the /tmp directory. But try:
$ rm /tmp/IamROOT
Unless your sysadmin has set the sticky bit on the *directory*, the file is gone! You had no permissions to change the contents but removal is permitted by the directory. David Totsch (HP) put it best in a Unix Basics class:
"You do not have a complete understanding of the permissions on a file until you trace the directory path to where no-one has access to the parent directory."
In other words, not just the current directory but all parent directories--they all control the ability of a file to exist and/or to be seen.
So, set the sticky bit in shared directories (like /tmp and /var/tmp and files cannot be removed (or mv'ed) except by their owner, regardless of permissions on the file itself. No special software needed and it works on all flavors of Unix.
Bill Hassell, sysadmin
