Append only directory ? Is this possible with unix permissions ?

Parv parv at
Tue Apr 10 21:58:35 UTC 2007

in message <651324.93642.qm at>,
wrote Gore Jarold thusly...
> I have a user whose home directory I would like to make "append
> only".

See chflags(1), getfacl(1), and setfacl(1).

> That is to say, they cannot delete files, or delete information
> from files, but they _can_ create new files or append information
> to existing files.

If you set the sappnd flag (via chflags) on a directory, then nobody
will be able to delete any pre-existing files (or files created
later) in that directory.  However, any file in that directory can
still be truncated to a size of 0.

If you set the same flag on a file, then that particular file cannot
be deleted or truncated, only appended to.

So you may need to set the sappnd flag at least on each file.

> Or, if that is not possible, at the very least I would like the
> ability to create new files, while not being allowed to delete any
> files.
> Is this possible with unix permissions ?  Is it possible in the
> freebsd filesystem in any way at all ?

The sticky bit, as mentioned in another reply, will limit file
modifications, including deletion, to the owner of the file.

In a case like this ACLs seem to be most appropriate.  FreeBSD 5.0
included "a complete ACL implementation based on extended attributes
for the UFS and UFS2 file systems".  See also acl(9) which lists the
appropriate kernel option (UFS_ACL).

  - Parv
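
The per-file step described in the reply above, as an added example that is not part of the original message: a POSIX shell function that sets sappnd on every regular file and every directory under a tree (it recurses into subdirectories, which goes beyond the single directory discussed). The function name make_append_only and the CHFLAGS override for a dry run are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# CHFLAGS may be overridden for a dry run, e.g. CHFLAGS=echo
# (the override variable is an assumption of this example).
: "${CHFLAGS:=chflags}"

# make_append_only DIR   (hypothetical helper name)
# Sets the system append-only flag on DIR, its subdirectories and
# every regular file below it.
make_append_only() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "make_append_only: not a directory: $dir" >&2
        return 1
    fi

    # Flag on each file: that file can no longer be deleted or
    # truncated, only appended to.
    find "$dir" -xdev -type f -exec "$CHFLAGS" sappnd {} + || return 1

    # Flag on each directory: entries in it can no longer be deleted.
    # On its own this would still allow truncating the files, hence
    # the per-file pass above.
    find "$dir" -xdev -type d -exec "$CHFLAGS" sappnd {} + || return 1

    # Files created after this run are not covered until the function
    # is run again (assumption: new files do not receive the flag
    # automatically).
}
```

Run it as root, since sappnd is a system flag; `ls -lo` on FreeBSD lists the flags so the result can be checked.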

