3

I don't know if this is even possible so I need to ask. I'd like to allow a single file to be created by a user (a flag-file) but only that file should be able to be created.

As I have the parent directory read-only for that user, it's currently not possible for the user to create (via touch <filename>) the file.

And as the file yet does not exists, I can not grant write rights with chmod (e.g. chmod u+w <filename>).

Is there a way to set permissions of currently non-existent files to come into action when the file is being created?

I've looked into ACLs for the first time and played with setfacl but it seems it can't pre-create entries for non-existent files.

Background: I'm doing this scenario for testing purposes. In the essence I want to prevent modification of files so most of them are read-only. But from time to time a certain file is to be created and I want to allow it for specific filenames / paths only.

I'm doing this on a Ubuntu 14.04 Linux box.

hakre
  • 431

1 Answers1

1

That's more control than what you can get through ACLs. There's no way to set an ACL on a directory that allows a certain user or group to create files only if the file has a certain name.

The most obvious solution to this problem would be to create the file in question from the start and give it the permissions you want.

If that's impossible, you can make a program that creates the file and give a user the permission to run this program in a group that has write permission on the directory through sudo.

bob = (bob : somegroup) touch /path/to/foo

Then the user bob can run

sudo -g somegroup touch /path/to/foo
Gilles 'SO- stop being evil'
  • 829,060
  • I now did it the other way round: If the test process can not write into that directory the test is marked as skipped. Neither a solution, but on the other hand I can not sudo in that case. I might need to learn about FUSE perhaps finding out if it's possible but that is all new terrain for me. But thanks for your answer. – hakre Mar 19 '16 at 23:43