[rsbac] Disable file deletion.

Andrea Pasquinucci liste at ucci.it
Fri Jul 6 11:17:40 CEST 2007

On Mon, Jul 02, 2007 at 04:59:44PM +0200, Amon Ott wrote:
* On Monday 02 July 2007 16:45, Sander Klein wrote:
* > I'm new to rsbac so this question might be off topic for this list.
* >
* > I'm looking for a way to have my users upload files (preferably
* > using ssh) and not be able to delete or modify them after they have
* > uploaded them. Is rsbac capable of doing this?
* You can set FF flag APPEND_ONLY - all allowed write accesses are 
* CREATE and APPEND_OPEN then. RC and ACL can do the same, and 
* additionally allow somebody else different kinds of access.
* So you can easily deny RENAME, DELETE and other write accesses. RSBAC 
* does not have a "write_once" right, though, so that appends will 
* still be possible.

I am doing this (i.e. using APPEND_ONLY with RC) in production 
environment to simulate soft WORM (Write-Once Read-Many) and there is a 
growing demand for this, for example to store log files or transactions 
files with digital signatures to be 'forensic proven'. 

A real soft WORM feature would be very useful and will allow the use of 
RSBAC also for these particular applications. Is it possible? Thanks,


Andrea Pasquinucci                     liste at ucci.it - http://www.ucci.it/

More information about the rsbac mailing list