Restrict a User from Uploading Files?

[rick_ca]

Ok here is a way to make what I am doing more easily understandable since I don't think many people have experience with remote access software, essentially the person is able to use my server, they are logged in and can view and edit files, I want to prevent this person from uploading files to another computer over the internet (whether it be via email, ftp or another method), for example if a person was working in an office on a server set-up the goal would be to make it so they can use, view and edit files but not remove them from that machine.

[rcgreen]

the goal would be to make it so they can use, view and edit files but not remove them from that machine.

It is a matter of permissions. Once you have permitted the
remote user to view the file, it is on his screen. He can read
the screen and write the data down with pen and paper. He
has his own copy of the data because you granted him
the permission when you let him view it.

The technology can't distinguish between viewing
the file and acquiring a copy of it.

You have also given him permission to edit the file,
which includes overwriting it with new data or deleting it.
You can make sure you archive copies that are not accessible
to these remote users, but the copy that they have permission
to view and edit is also available for them to copy and broadcast
all over the net.

Make sure your users are trustworthy before you choose to trust them.

[rick_ca]

Yes I realize they could copy the data by hand or take screenshots, however there is still a difference in removing the files, I am going to be recording their actions while on the server so there will still be a lot of files that they will access but not actually open to view the source code and if I saw files unnecessarily being opened to view the code I would know something is up.

[pavlo_7]

Do you want users to also create files, or just modify existing ones without being able to delete them?

If you upload the files and set permissions, and all users do is edit the files without being able to create or delete anything (except the content inside the existing files, since they can edit them), then it is possible.

Here is what I see in my Ubuntu:

Code:

editors@ubuntu:~$ whoami
editors
editors@ubuntu:~$ pwd
/home/editors
editors@ubuntu:~$ ls
Examples  work
editors@ubuntu:~$ ls -ld work/
drwsr-s--T 2 different different 4096 2008-07-14 02:55 work/
editors@ubuntu:~$ cd work/
editors@ubuntu:~/work$ ls -l
total 4
-rwxr-x--- 1 editors different 6 2008-07-14 03:22 tesfile
editors@ubuntu:~/work$ cat tesfile 
hello
editors@ubuntu:~/work$ echo hello again >> tesfile 
editors@ubuntu:~/work$ cat tesfile 
hello
hello again
editors@ubuntu:~/work$ echo hello one more time  > tesfile 
editors@ubuntu:~/work$ cat tesfile 
hello one more time
editors@ubuntu:~/work$ echo > tesfile 
editors@ubuntu:~/work$ cat tesfile 

editors@ubuntu:~/work$ rm tesfile 
rm: cannot remove `tesfile': Permission denied
editors@ubuntu:~/work$ touch testfile2
touch: cannot touch `testfile2': Permission denied
editors@ubuntu:~/work$

In this example, permissions on /home/editors/work directory set to

Code:

7750

Hope this helps.