It might be enough to set the sticky bit in directories. Users will be able to delete any files that they own, but not those that belong to other users. This may be sufficient for your use case. On most systems, /tmp is set this way (/tmp is set to 1777).
chmod 1775 /controlled
However, if you want more control, you need to enable ACLs in the file system in question.
In /etc/fstab add acl to the flags:
/dev/root / ext3 defaults,acl 1 1
Then you can use setfacl / getfacl to manage and view acl level permissions.
Example (files, once written, are read-only, but can be deleted by their owner and not by others):
setfacl --set u::rwx,g::rwx,o::rx /controlled
setfacl -d --set u::rx,g::rx,o::- /controlled
You can set the default acl list in the directory that will be used by all files created there.
As others have noted, be careful to indicate exactly what you want. You say write - but can users overwrite their own files? Can they change existing content or just add? After writing, is it just a read? Perhaps you can provide more details in the comments.
Finally, selinux and grsecurity provide even more control, but that is a whole different can of worms. They can be quite difficult to configure.
jmanning2k May 15, '09 at 16:33
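The answer above relies on three things being true before the directory behaves as described: the filesystem is mounted with the acl option, the directory carries the sticky bit, and the default ACL hands out no write permission to new files. The following POSIX shell script, added here as an illustration and not part of the original answer, checks each of those from text you feed it. The fstab excerpt and the getfacl output embedded in it are constructed samples; on a live system you would pass in the real /etc/fstab, the output of `stat -c %a <dir>` (GNU stat) and `getfacl <dir>` instead.

```shell
#!/bin/sh
# Added example, not from the original answer: pre-flight checks for the
# sticky-bit / default-ACL setup described above.
#   fstab_has_acl "<fstab text>" <mountpoint>  -> 0 if that entry lists "acl"
#   mode_has_sticky <octal mode, e.g. 1775>     -> 0 if the sticky bit (1xxx) is set
#   default_acl_readonly "<getfacl text>"      -> 0 if no default entry grants "w"

# Constructed sample /etc/fstab (not from a real system).
SAMPLE_FSTAB='# constructed sample fstab
/dev/root / ext3 defaults,acl 1 1
/dev/sda2 /home ext3 defaults 1 2
tmpfs /tmp tmpfs defaults,size=1g 0 0'

# Constructed sample of what "getfacl controlled" prints after the answer's
# two setfacl commands (hypothetical owner/group values).
SAMPLE_GETFACL='# file: controlled
# owner: root
# group: staff
# flags: --t
user::rwx
group::rwx
other::r-x
default:user::r-x
default:group::r-x
default:other::---'

# Return 0 when the fstab entry whose mount point is $2 has "acl" among its
# comma-separated mount options (field 4); comments and short lines are skipped.
fstab_has_acl() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        /^[[:space:]]*#/ || NF < 4 { next }
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "acl") found = 1
            exit
        }
        END { exit found ? 0 : 1 }'
}

# Return 0 when an octal mode string (3 or 4 digits) has the sticky bit set.
# In a 4-digit mode the leading digit holds setuid(4) + setgid(2) + sticky(1).
mode_has_sticky() {
    m="$1"
    case "$m" in
        ????) special="${m%???}" ;;   # strip the last three digits
        ???)  special=0 ;;            # no special bits given at all
        *)    return 2 ;;             # not a mode string we understand
    esac
    [ $((special & 1)) -eq 1 ]
}

# Return 0 when every "default:" entry (the ACL inherited by files created in
# the directory) lacks "w", i.e. new files are born read-only as in the answer.
default_acl_readonly() {
    printf '%s\n' "$1" | awk -F: '
        /^default:/ { if ($NF ~ /w/) bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# Stand-alone run against the constructed samples.
fstab_has_acl "$SAMPLE_FSTAB" /   && echo "/ is mounted with acl"
mode_has_sticky 1775              && echo "mode 1775 has the sticky bit"
default_acl_readonly "$SAMPLE_GETFACL" && echo "default ACL grants no write"
```

If any of the three checks fails, the symptom is usually the one people report: setfacl complains that the operation is not supported (acl option missing), or users can delete each other's files (sticky bit missing), or freshly created files are still writable (default ACL grants w).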