Thou shalt not delete!

March 11, 2007

This came up in the chatroom: how do you protect a folder from being deleted while still being able to write to it? Locking it directly doesn’t work. Locking the parent does, but then you can’t write to the parent dir. Standard UNIX permissions are of little help, as there is no such thing as a “delete bit”. Enter Access Control Lists. First let’s make sure they’re on:

> sudo fsaclctl -p / -e

and then we can just take away the right to delete:

> chmod +a "filipp deny delete" test

> ls -le

drwxr-xr-x +  5 filipp  filipp   170 Mar 11 19:15 test

 0: user:filipp deny delete

+a always adds an ACE, so to delete one, remove it by the index shown in front of it in the listing:

> chmod -a# 0 test
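
With more than one ACE on a folder, the index passed to chmod -a# has to be picked with care. The script below is an added example, not part of the original post: it reads `ls -le` output, reports every ACE that denies delete, and builds the matching removal commands. The function names and the sample listing are constructed, and it assumes the listing format shown above (optionally with an `inherited` token) and file names without spaces.

```shell
#!/bin/sh
# Constructed `ls -le` output for illustration; not captured from a real system.
sample_listing() {
cat <<'EOF'
drwxr-xr-x +  5 filipp  filipp   170 Mar 11 19:15 test
 0: user:filipp deny delete
drwxr-xr-x    3 filipp  filipp   102 Mar 11 19:10 scratch
drwxr-xr-x +  2 filipp  filipp    68 Mar 11 19:20 archive
 0: user:filipp deny delete
 1: group:staff deny delete_child
 2: group:staff deny add_file,delete
 3: group:staff allow list,search
EOF
}

# Read `ls -le` output on stdin; print "name index principal" for every ACE
# that denies the delete right. Assumes file names contain no spaces.
deny_delete_aces() {
  awk '
    /^ *[0-9]+: / {                # ACE line: " N: principal [inherited] allow|deny rights"
      idx = $1; sub(/:$/, "", idx)
      for (f = 3; f < NF; f++) if ($f == "deny") {
        n = split($(f + 1), rights, ",")
        for (i = 1; i <= n; i++)   # exact match, so delete_child is not counted
          if (rights[i] == "delete") print name, idx, $2
      }
      next
    }
    { name = $NF }                 # any other line is a file entry
  '
}

# Turn that report into chmod commands, highest index first per file: removing
# an ACE renumbers the ones after it, so ascending order would hit the wrong entry.
removal_commands() {
  deny_delete_aces | sort -k1,1 -k2,2nr |
    awk '{ printf "chmod -a# %s %s\n", $2, $1 }'
}

# Stand-alone run: show the report and the commands for the sample listing.
sample_listing | deny_delete_aces
sample_listing | removal_commands
```

On a real system, pipe `ls -le` into `deny_delete_aces` instead of the sample, and review the generated commands before running any of them.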