HPE Community
Operating System - Linux
1753782 Members
7117 Online
108799 Solutions
New Discussion

Re: Delete a file who doesn't own or part of the group

 
Unixworld
Occasional Contributor

‎05-29-2012 06:32 AM

‎05-29-2012 06:32 AM

Delete a file who doesn't own or part of the group

I am not part of the group or owner of the directory. Still how can I make to delete a file in that directory?

 

Okay here is what I need: I should be able to delete one file in the directory and not other files. How can I make it possible. I know that if I can't write to a directory I can't delete a file. But I guess, someone must have figured this out. Please let me know.

0 Kudos
Reply
1 REPLY 1
Matti_Kurkela
Honored Contributor

‎05-29-2012 11:14 PM

‎05-29-2012 11:14 PM

Re: Delete a file who doesn't own or part of the group

NOTE: below, I'll assume that the user who wants to delete the file has the username "someuser" or belongs to group "somegroup", and the user who owns the directory has the username "dirowner". The file that needs to be deleted is /some/directory/specialfile. Change these to fit your environment.

 

Configure sudo to allow the required user/group/everyone to run the rm command as the directory owner to delete that particular file. For example, one of the following sudoers file entries should work, depending on your requirements. Remember to use the visudo command to edit the sudoers file: the command will check the modified sudoers file for correctness before replacing the current sudoers file with it, so you will be protected from making syntax errors.

# allow one user only to delete the special file
someuser ALL=(dirowner) NOPASSWD: /bin/rm -f /some/directory/specialfile
# allow one group only to delete the special file
%somegroup ALL=(dirowner) NOPASSWD: /bin/rm -f /some/directory/specialfile
# allow everyone to delete the special file
ALL ALL=(dirowner) NOPASSWD: /bin/rm -f /some/directory/specialfile

 

Then write a script with a suitable name (e.g. "rmspecialfile") like this:

#!/bin/sh

if [ $(whoami) != "dirowner" ]
then
    # Not the "dirowner" user: use sudo to attempt deletion as the correct user
    # (the actual authorization will be in the sudo configuration)
    exec sudo -u dirowner /bin/rm -f /some/directory/specialfile
else
    # The "dirowner" user can use this script too if s/he wants to.
    # In that case, no sudo is required.
    /bin/rm -f /some/directory/specialfile
fi

Place this script to /usr/local/bin and set it executable (chmod a+x /usr/local/bin/rmspecialfile).

 

If the user is authorized to delete the special file, the command "rmspecialfile" will do it - no questions, no password prompts (because of the NOPASSWD: tag in the sudoers entry). On the other hand, if the user is not matched by the sudoers entry, the sudo command will reject the attempt and the user will not be able to work around the rejection.

 

In both cases, the sudo command will create a log entry with details of who exactly deleted the file (or made a hopeless attempt of doing so).

MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.