Solaris 11 ACL: protect a directory from being deleted
Running Solaris 11 and would like to STOP users deleting their web directory ($HOME/public_html), but I want them to create, edit and delete files under that directory.
I thought the correct solution would be to have normal permissions but add a deny for delete, but it does not work.
Any ideas?
<pre>
# ls -ldV /home/andrew/public_html
drwx--x--x+ 2 andrew staff 2 May 29 17:06 /home/andrew/public_html
user:andrew:----d------Co-:-------:deny
owner@:----d------Co-:-------:deny
group:staff:--x---a-R-c--s:fd-----:allow
user:andrew:rwxp--aARWc--s:fd-----:allow
owner@:rwxp--aARWc--s:fd-----:allow
group@:--x---a-R-c--s:fd-----:allow
everyone@:--x---a-R-c--s:fd-----:allow
# $ ls -ldv /home/andrew/public_html
drwx--x--x+ 2 andrew staff 2 May 29 17:06 /home/andrew/public_html
0:user:andrew:delete/write_acl/write_owner:deny
1:owner@:delete/write_acl/write_owner:deny
2:group:staff:read_xattr/execute/read_attributes/read_acl/synchronize
:file_inherit/dir_inherit:allow
3:user:andrew:list_directory/read_data/add_file/write_data
/add_subdirectory/append_data/read_xattr/write_xattr/execute
/read_attributes/write_attributes/read_acl/synchronize
:file_inherit/dir_inherit:allow
4:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
/append_data/read_xattr/write_xattr/execute/read_attributes
/write_attributes/read_acl/synchronize:file_inherit/dir_inherit
:allow
5:group@:read_xattr/execute/read_attributes/read_acl/synchronize
:file_inherit/dir_inherit:allow
6:everyone@:read_xattr/execute/read_attributes/read_acl/synchronize
:file_inherit/dir_inherit:allow
</pre>