directories like Hotel California

[Andrew Elmore]

On Mon, Mar 22, 2004 at 02:15:29PM -0700, Elliot Finley wrote:
> I have a directory that I export via NFS.  I want people to be able to do a
> directory listing to see whats there.  I also want them to be able to copy
> files into this directory.  but I don't want them to be able to copy files
> out of this directory.
> 
> I don't see any way to accomplish this with file permissions.  Am I missing
> something?

The file permissions model allows you to accomplish this, but you'll
have to change permissions on the files as well.

The permissions on the directory should be writable by everyone, but
the "sticky bit" will be set so that nobody except the owner of the
directory, or the owner of a file will be able to delete files.

   $ mkdir directory
   $ chmod ugo+rwxt directory
   $ ls -ld directory
   drwxrwxrwt  2 aelmore  users   512 Mar 22 13:53 directory
   $

You will need to make sure that each file within the directory is not
readable by anyone (because to copy out implies reading the file).

   $ touch directory/file
   $ chmod ugo-rwx directory/file
   $ cp directory/file /tmp
   cp: directory/file: Permission denied
   $

Note that the owner of the file is allowed to delete that file.

Hope this helps.

AE