I would like to prevent a user (identified by uid) from creating and deleting files in /tmp, but allow this user to create files in directory /tmp/hello, which is owned by this user. How can I achieve that? Only this user should be prevented from creating and deleting files in /tmp; other users who have the appropriate permission shouldn't be prevented. /tmp is owned by root.
1 Answer
You can do this using file ACLs.
You prevent the user badguy from creating files in tmp with:
setfacl -m u:badguy:r-x /tmp
And you can allow it to write to the hello directory “normally” (allow everyone, chown the directory to badguy) or, again, with file ACLs:
setfacl -m u:badguy:rwx /tmp/hello
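To check that the ACL entries above have the intended effect, the rights can be read back from getfacl output: a named user entry is matched before "other" (which is why r-x blocks writes in a world-writable /tmp), and it is limited by the mask. This is an added example, not part of the original answer; the function name acl_effective and both getfacl listings are constructed, and group entries are not evaluated (a user with no named entry is assumed to fall through to "other").

```shell
# Usage: getfacl DIR | acl_effective USER
# Prints the rwx triplet that applies to USER according to the listing.
acl_effective() {
  awk -F: -v u="$1" '
    /^# owner: /             { owner = substr($0, 10) }
    $1 == "user" && $2 == "" { own   = substr($3, 1, 3) }
    $1 == "user" && $2 == u  { named = substr($3, 1, 3) }
    $1 == "mask"             { mask  = substr($3, 1, 3) }
    $1 == "other"            { other = substr($3, 1, 3) }
    END {
      if (u == owner)  { print own;   exit }   # owner entry wins first
      if (named == "") { print other; exit }   # no named entry (groups ignored)
      if (mask == "") mask = "rwx"
      out = ""
      for (i = 1; i <= 3; i++) {               # named entry ANDed with mask
        c = substr(named, i, 1)
        out = out ((c == substr(mask, i, 1)) ? c : "-")
      }
      print out
    }'
}

# Constructed listing: /tmp after "setfacl -m u:badguy:r-x /tmp"
sample_tmp='# file: tmp
# owner: root
# group: root
# flags: --t
user::rwx
user:badguy:r-x
group::rwx
mask::rwx
other::rwx'

# Constructed listing: /tmp/hello left owned by root, with u:badguy:rwx,
# after a later "chmod g-w" lowered the mask to r-x
sample_hello='# file: tmp/hello
# owner: root
# group: root
user::rwx
user:badguy:rwx	#effective:r-x
group::r-x
mask::r-x
other::r-x'

printf '%s\n' "$sample_tmp"   | acl_effective badguy
printf '%s\n' "$sample_hello" | acl_effective badguy
```

The second listing shows the case to watch for: a later chmod on a directory that carries an ACL changes the mask, which can silently remove the write permission granted to the named user.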
/tmp is usually a quite special directory in that everyone is allowed to create files and directories in it. Is there a particular reason you'd want to disallow this user from creating files under /tmp? Does it have to do with the location of temporary files? If so, does the software that you use honour the TMPDIR environment variable (you would use it to specify another directory to create temporary files in). In short, what is the underlying problem that you are trying to solve?
/tmp/hello, and I want to make sure this program can only create files in the same directory of the program.