On Monday, September 22, 2003, at 09:02 PM, Nicholas Thornton wrote:
So I've been put in charge of setting up and maintaining our department's new dispatch/switchboard computer. In trying to keep it clean and in order, I was hoping, if possible, to be able to give users read/write access to information in files themselves, but to block them from renaming the files or moving them.

I tried giving r-x access to a folder and rwx access to the file inside. This lets them open the file and prohibits them from moving/renaming it, but prohibits them from saving any changes (because they can't write to the folder).

Is this an impossible feat I'm hoping for? If not, then how could I go about it?

What you want to do is something that Unix was never designed to do.

Simply put, Unix does not give you the granularity necessary to do what you want to do.

You need ACLs (Access Control Lists) which most Unix variants do not support.

Unix was built upon a model of "peer-pressure." That is to say, it was designed in a small lab environment where everyone knew everyone else and if somebody did something either dumb and stupid, or "oops," their peers knew about it immediately or could simply walk through the 5 or 10 cubicles necessary to find out who deleted the file, then slap them upside the head so they wouldn't do it again.

Later, as Unix expanded, attempts were made to graft all kinds of controls on to this primitive "read-write-execute," "User-Group-Other" construct, but they never really worked... especially not the way people really worked once you got beyond a small group of about 10 people and about the year 1990. (And their implementations, like with sticky bits, vary across Unix implementations.)

It's a difficult problem - you may be able to create extreme straitjackets on what people can do. But these are normally not at all what people "want" to do. This is why things like Oracle or Ingres have been written to bypass the inherent lack of this flexibility at the OS level and insert it at the application level. Their ability to "store data" is only a very small part of their feature set. The ability to CONTROL ACCESS to the data is their strong point -- who can name it, create it, read it, update it, destroy it, etc. The ability to sort the data and present it in different ways is "just a GUI" that rides on top of the security and control.

T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
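As an added illustration (not part of the thread, and not code from either poster), the script below models the permission checks that produce the behaviour described in the question, and also the sticky-bit case the reply mentions. It follows POSIX/Linux semantics: writing a file's contents needs w on the file, while creating, renaming or unlinking an entry needs w+x on the directory, and a sticky directory restricts rename/unlink to the file's or directory's owner. The uids, gid and modes are constructed for the example, and the root override (CAP_DAC_OVERRIDE) is deliberately not modelled.

```python
"""Model of the Unix permission checks behind the thread's question.

Constructed scenario, not real system state: a shared dispatch directory
owned by an 'admin' account, with files that members of the 'dispatch'
group should be able to edit but not rename or move.
"""
import stat
from dataclasses import dataclass

ADMIN_UID, USER_UID, DISPATCH_GID = 1000, 1001, 500  # constructed ids


@dataclass(frozen=True)
class Inode:
    mode: int   # permission bits; may include stat.S_ISVTX (sticky bit)
    uid: int
    gid: int


@dataclass(frozen=True)
class Proc:
    uid: int
    gids: frozenset


_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def has(inode: Inode, proc: Proc, bit: str) -> bool:
    """Classic user/group/other class check (no root override modelled)."""
    user, group, other = _BITS[bit]
    if proc.uid == inode.uid:
        mask = user
    elif inode.gid in proc.gids:
        mask = group
    else:
        mask = other
    return bool(inode.mode & mask)


def can_write_contents(d: Inode, f: Inode, p: Proc) -> bool:
    """open(O_WRONLY) on an existing file: traverse the dir (x), write the file (w)."""
    return has(d, p, "x") and has(f, p, "w")


def can_create(d: Inode, p: Proc) -> bool:
    """Creating a new directory entry needs w and x on the directory only."""
    return has(d, p, "w") and has(d, p, "x")


def can_rename_or_unlink(d: Inode, f: Inode, p: Proc) -> bool:
    """Removing or renaming an entry needs w+x on the directory; the file's
    own mode bits do not matter. With the sticky bit set, only the file's
    owner or the directory's owner may remove/rename it."""
    if not can_create(d, p):
        return False
    if d.mode & stat.S_ISVTX and p.uid not in (f.uid, d.uid):
        return False
    return True


def can_save_like_an_editor(d: Inode, f: Inode, p: Proc) -> bool:
    """Many editors save by writing a temp file and renaming it over the
    original, so they need create + rename, not merely w on the file."""
    return can_create(d, p) and can_rename_or_unlink(d, f, p)


def evaluate(dir_mode: int, file_mode: int) -> dict:
    """What a dispatch-group member (not the owner) can do with one file."""
    d = Inode(dir_mode, ADMIN_UID, DISPATCH_GID)
    f = Inode(file_mode, ADMIN_UID, DISPATCH_GID)
    p = Proc(USER_UID, frozenset({DISPATCH_GID}))
    return {
        "write_contents": can_write_contents(d, f, p),
        "rename_or_unlink": can_rename_or_unlink(d, f, p),
        "create": can_create(d, p),
        "editor_save": can_save_like_an_editor(d, f, p),
    }


if __name__ == "__main__":
    for label, dm, fm in [
        ("dir r-x, file rwx (the attempt in the question)", 0o750, 0o770),
        ("dir rwx, no sticky bit", 0o770, 0o770),
        ("dir rwx with sticky bit", 0o1770, 0o770),
    ]:
        print(f"{label}: {evaluate(dm, fm)}")
```

The first scenario reproduces the observation in the question: the user may write the file in place but cannot rename it, and an editor that saves through a temp file plus rename fails. The third scenario shows the trade-off with a sticky directory: renaming the admin-owned file is refused, but so is the editor-style save, because that save itself is a rename over the original. Only tools that write the existing file in place fit the "edit but never rename" requirement under plain mode bits.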