how to prevent users from creating, deleting, renaming directories in Linux?

Question

I am a bit lost with Linux file and directory permissions. What I would like to do is have one user be able to create, delete, and rename directories, while other users are not able to do so, but they should be able to read and write to the directories as well as traverse them.

So group 'storage' has access to directory /workspace, those are the users which are not supposed to be able to create, delete, or rename directories. Group 'storageAdmin' also has access to directory /workspace, but is able to create, delete, or rename directories within.

Whenever 'storageAdmin' creates a new directory it should automatically be accessible to 'storage' such that they can read and write files within it.

Am I correct in that /workspace needs to be owned by 'storageAdmin' and be set to chmod 775 for this to work properly?

Answer 1

The correct permissions are 2775, setting the set gid bit too. This causes new files and directories to inherit the parent's permissions, owner and group.

Be aware though, that the standard unix permissions do not allow you to restrict access to the directory to the storage group after chgrping it to storageAdmin. Everyone has access now according to the other permission set.

Use Posix ACLs or SE Linux if you really need more fine grained access controls.