Find the answer to your Linux question:
Results 1 to 4 of 4
Is there a way to remove write access for owner of a file? I was looking at the ACL algo, and saw this: Code: If the effective user ID of ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2013
    Posts
    3

    Remove write access for owner of a file?


    Is there a way to remove write access for owner of a file? I was looking at the ACL algo, and saw this:
    Code:
    If the effective user ID of the process matches the user ID of the file object owner, then
    if the ACL_USER_OBJ entry contains the requested permissions, access is granted,
    else access is denied.
    How do I modify this ACL_USER_OBJ entry? Is there a way?

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    hi,

    you can change the ACL of the file so that the owner does not have write permissions, but they can still modify the file in some ways. for example, they could open the file in vi and modify it and save it (using the "!"). or they could "touch", or "rm" or "mv" it. but they could not do:
    Code:
    echo 1 > file.txt
    you could probably do this with SELinux though.

    you could also set the immutable flag (as root), which would prevent any changes to the file, e.g.:
    Code:
    chattr +i file.txt
    but that would prevent everyone from modifying the file (even root, until the flag is removed).

  3. #3
    Just Joined!
    Join Date
    May 2013
    Posts
    3
    Ah. Gotcha. What is ACL_USER_OBJ? Is there a way to modify that?

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by healthycola View Post
    What is ACL_USER_OBJ? Is there a way to modify that?
    The kernel sees files and directories as objects; for a given object (say a file), the ACL_USER_OBJ represents the ACL (Access Control List) access rights for the owner of that file, as the kernel sees it. In other words, "rwx", or maybe "rx".

    You can change them using chmod, or if you need more fine-grained control (like granting access to a particular user), then look into using ACLS (for this, getfacl and setfacl).

    You can read more than you ever wanted to know about Linux ACLs here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •