
Consider the following setup:

    # two users in group sales
    useradd edwin
    useradd santos
    groupadd sales
    usermod -aG sales edwin
    usermod -aG sales santos

    # two users in group account
    useradd serene
    useradd alex
    groupadd account
    usermod -aG account serene
    usermod -aG account alex

    # every group has its own directory with full access
    mkdir -p ./groups/sales ./groups/account
    cd ./groups
    chown :account ./account
    chown :sales ./sales
    chmod g+rwx ./account ./sales

The task states:

Users have permissions to delete only their own files, but alex is the general manager, so user alex has access to delete all users' files.

Now users should be able to only delete their own files, so I do:

    chmod +t /groups/account /groups/sales

But now I have a problem. Alex is admin, and should be able to delete anyone's(!) files. So I do for example:

    setfacl -m u:alex:rwx /groups/sales /groups/account

But this does not help:

    [root@localhost groups]# getfacl sales/
    # file: sales/
    # owner: root
    # group: sales
    # flags: --t
    user::rwx
    user:alex:rwx
    group::rwx
    mask::rwx
    other::r-x

    [root@localhost groups]# sudo -u edwin touch sales/file
    [root@localhost groups]# sudo -u alex rm -f sales/file
    rm: cannot remove 'sales/file': Operation not permitted

Is it possible to apply sticky flag to all except one user?

1 Answer


The only missing part is that Alex should own the directory

    chown alex ./groups/sales ./groups/account
  • It works... why? Does the sticky bit not apply to the owner of the directory? I see the setfacl I did can be removed. Commented Mar 11, 2022 at 9:35
  • Correct - the owner of a directory can always delete items from it. Commented Mar 11, 2022 at 10:54
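To make the rule behind the answer concrete, here is a small model of the Linux unlink check in a sticky directory (the ordinary write/search test on the directory, then the sticky ownership test from the kernel's check_sticky). It is an added illustration, not code from the question or the answer; the uids and the `writers` set standing in for group and ACL write access are constructed for the example.

```python
import stat
from dataclasses import dataclass, field

# Constructed uids for the users in the thread (not values from the page).
ROOT, EDWIN, SANTOS, SERENE, ALEX = 0, 1001, 1002, 1003, 1004


@dataclass
class Dir:
    owner: int
    mode: int                                   # e.g. 0o1775 after chmod +t
    writers: set = field(default_factory=set)   # uids with w+x via group or ACL


@dataclass
class File:
    owner: int


def may_unlink(caller: int, d: Dir, f: File) -> bool:
    """True if `caller` may unlink `f` from directory `d` under Linux rules."""
    # 1. Ordinary DAC: write + search on the directory (mode bits or ACL entry).
    if caller != ROOT and caller != d.owner and caller not in d.writers:
        return False
    # 2. Sticky restriction: ownership test on top of the ACL, which is why
    #    an rwx ACL entry alone does not let alex delete edwin's file.
    if not d.mode & stat.S_ISVTX:
        return True
    if caller in (f.owner, d.owner):
        return True
    return caller == ROOT        # CAP_FOWNER (root) bypasses the sticky check


def thread_scenario() -> dict:
    """Replays the steps from the question and the answer; returns each result."""
    sales = Dir(owner=ROOT, mode=0o1775, writers={EDWIN, SANTOS})
    f = File(owner=EDWIN)                       # sudo -u edwin touch sales/file
    out = {"santos_other_users_file": may_unlink(SANTOS, sales, f)}
    sales.writers.add(ALEX)                     # setfacl -m u:alex:rwx sales
    out["alex_with_acl_only"] = may_unlink(ALEX, sales, f)
    sales.owner = ALEX                          # chown alex sales
    out["alex_as_dir_owner"] = may_unlink(ALEX, sales, f)
    out["santos_after_chown"] = may_unlink(SANTOS, sales, f)
    out["edwin_own_file"] = may_unlink(EDWIN, sales, f)
    return out
```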
