
17 Apr 2010

It might not be obvious, but if you have a set of files owned by root in a folder owned by another user, and the permissions on those files are set so that only the owner can read/write them, the other user can still delete them. This is standard *nix file permission behaviour: deleting a file is governed by write permission on the directory, not by the permissions on the file itself.

According to the following link:
http://www.proftpd.org/docs/howto/

‘… if a user has write permission on a directory (necessary for uploading files to that directory) they also have delete permissions. In Unix, a directory file serves as a sort of “table of contents”, tracking the files in the directory. Adding or removing a file are thus changes on the directory file, and do not involve checking the permissions on the file being added or removed.’

So what do you do if you have a file owned by root that you really don’t want another user to delete, yet you still want to allow that user to write to the same folder?

A possible solution is to use file attributes, specifically setting the immutable attribute on the files that should not be deleted, such as those owned by root.

Setting the immutable attribute on a file means that it cannot be modified, deleted or renamed, not even by the root user, until the attribute is removed.

Shell/SSH:

chattr +i /path/to/file.txt

To make the file modifiable or deletable again, root will need to remove the immutable flag.

Shell/SSH:

chattr -i /path/to/file.txt

With the immutable attribute set on selected files, other users will still be able to read and write to the home directory and delete the files they own, but not delete the protected file.

Remember, only the root user can set and remove the immutable flag.
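The following script is an added example, not code from the original post. It demonstrates the two points above without needing root: that a file whose own mode is 000 can still be unlinked by anyone with write permission on the directory, and that removing the directory's write bit blocks unlinking even of a fully writable file. It also shows how to verify the immutable flag with lsattr rather than assuming chattr succeeded, since the attribute is only available on filesystems that support it (ext2/3/4, XFS and btrfs among others). It assumes GNU coreutils and e2fsprogs (chattr/lsattr) are installed and that mktemp can create a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils and
# e2fsprogs. Demonstrates that unlink is controlled by the directory's write
# bit, not the file's mode, and shows a check for the immutable flag.

# Returns 0 if a mode-000 file inside a writable directory can still be
# removed by its owner: the behaviour the post describes.
delete_despite_file_mode() {
    d=$(mktemp -d) || return 1
    : > "$d/locked.txt"
    chmod 000 "$d/locked.txt"            # nobody may read or write the file itself
    if rm -f "$d/locked.txt" && [ ! -e "$d/locked.txt" ]; then
        rmdir "$d"
        return 0
    fi
    chmod 600 "$d/locked.txt"; rm -rf "$d"
    return 1
}

# Returns 0 if clearing the directory's write bit blocks deletion of a file
# that is itself world-writable. Root bypasses DAC permission checks, so the
# check is skipped (returns 0) when run as uid 0.
dir_mode_blocks_delete() {
    [ "$(id -u)" -eq 0 ] && return 0
    d=$(mktemp -d) || return 1
    : > "$d/open.txt"
    chmod 666 "$d/open.txt"
    chmod 555 "$d"                       # r-x only: entries cannot be added or removed
    rm -f "$d/open.txt" 2>/dev/null || true
    if [ -e "$d/open.txt" ]; then
        chmod 755 "$d"; rm -rf "$d"
        return 0
    fi
    chmod 755 "$d"; rm -rf "$d"
    return 1
}

# Returns 0 if the immutable flag (lowercase 'i') is set on $1, as reported
# by lsattr. Any user who can read the directory can run this check.
is_immutable() {
    lsattr -d -- "$1" 2>/dev/null | awk '{print $1}' | grep -q 'i'
}

# Root only: set the immutable flag on $1 and confirm it took. chattr fails
# on filesystems without attribute support, so verify instead of assuming.
protect_file() {
    chattr +i -- "$1" && is_immutable "$1"
}

delete_despite_file_mode && echo "mode 000 on the file did not prevent unlink (directory writable)"
dir_mode_blocks_delete && echo "directory without write bit prevented unlink"
```

Usage: `protect_file /path/to/file.txt` as root, then `is_immutable /path/to/file.txt` from any account to confirm the flag is present. For a shared directory where each user should only be able to delete their own files, the sticky bit (`chmod +t dir`) is the conventional permission-level control; the immutable flag is stronger but is root-only, filesystem-specific, and can be cleared by anyone who already has root, so it protects against accidental or unprivileged deletion rather than against a compromised root account.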
