Hi, Richard Owlett wrote: > As user "richard" I was able to delete them with Caja.
To prevent renaming or deletion of a file, you need to prevent writing to the directory which hosts it. (Actually you delete the "dirent", which points to the inode. The inode gets deleted when its last dirent is gone and no filedescriptor is open on it any more.) You may prevent writing either by taking away w-permission for everybody chmod a-w directory or by preventing users from removing files which they don't own chmod +t directory But the superuser will probably be able to override both of this without the prior need to change the directory permissions. There is chattr +i file with some filesystems. I dimly remember we had a discussion about its effectiveness a while ago ... > Logged into Debian as "richard" SeaMonkey was able to change contents of > those files. It is a usual strategy against softlink spoofing to rename or delete the original file and to store the changed content as new file. Have a nice day :) Thomas
