Preventing specific folder deletion in CentOS
It would be nice if you could use the immutable flag on directories, but you can cheat by making a file in that directory that is immutable. So touch virtual_user_X/.immutable, then chattr +i virtual_user_X/.immutable. For example:
[root@hellonurse ~]# cd /root
[root@hellonurse ~]# mkdir z
[root@hellonurse ~]# cd z
[root@hellonurse z]# touch .i
[root@hellonurse z]# chattr +i .i
[root@hellonurse z]# cd ..
[root@hellonurse ~]# rm -rf z
rm: cannot remove ‘z/.i’: Operation not permitted
[root@hellonurse ~]# chattr -i z/.i
[root@hellonurse ~]# rm -rf z
[root@hellonurse ~]# ls z
ls: cannot access z: No such file or directory
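A check for the sentinel-file approach in the answer above, as an added example that is not part of the original answers: for each directory passed in, it reports whether the .immutable sentinel is present and still carries the i attribute according to lsattr. The function names and the paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original answers): audit immutable sentinel files.
# Usage (paths are assumptions): sh audit_sentinels.sh /home/virtual_user_*

SENTINEL=".immutable"   # sentinel file name used in the answer

# has_i_flag: read one line of lsattr output ("<flags> <path>") on stdin and
# succeed only if the flags field contains lowercase 'i' (immutable).
# No output at all (lsattr failed or is unsupported) counts as not immutable.
has_i_flag() {
    read -r flags _path || return 1
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_dir: print OK / MISSING / MUTABLE for one directory.
# Returns 0 only when the sentinel exists and is immutable.
audit_dir() {
    dir=$1
    f="$dir/$SENTINEL"
    if [ ! -e "$f" ]; then
        echo "MISSING $dir"
        return 1
    fi
    if lsattr -d -- "$f" 2>/dev/null | has_i_flag; then
        echo "OK $dir"
        return 0
    fi
    echo "MUTABLE $dir"
    return 1
}

# audit_all: audit every directory given; non-zero if any is unprotected.
audit_all() {
    rc=0
    for d in "$@"; do
        audit_dir "$d" || rc=1
    done
    return "$rc"
}

[ "$#" -eq 0 ] || audit_all "$@"
```

A MUTABLE or MISSING result means rm -rf on that directory would succeed again, so the script is suitable for a periodic job that alerts on a non-zero exit status.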
Take away write permissions for that user using file system access control lists (ACLs), via the setfacl command:
setfacl -m u:master_virtual_user:r-x virtual_user_*