There are plenty of questions dealing with the opposite case to this question, but I've not managed to find an answer for this way round.

Is it possible to set permissions on a linux directory such that a user may read and delete files already present, but not create new ones?

I suspect not as it seems like delete must require 'write' access to the directory, but I'd be happy to be proved wrong!

1 Answer 1


The short answer here is no, you can't do what you are asking with the existing file permissions system. Delete will require write access, and even the sticky bit on the directory will only prevent deletes/renames by non-owners, there is no reverse equivalent.

I suppose there might be a way to do this with FUSE but that would be a lot of work - if you are going to go to that sort of trouble, an application to control access would be a lot more flexible.

Finally, if this is simply about changing/updating/removing files, I would probably use a version control system like git to allow someone to change whatever they like on their local copy but then have to submit a pull request (or get permission to check in etc.) their changes to the master copy. It requires a workflow change but gives you nice ways to roll back, reject changes etc.

  • This is a log file directory so we wanted to allow the user to manually clear it out but not to be able to modify the logs - looks like either deleting the oldest automatically or trusting the user to not screw the files up is the answer then. :)
    – jam
    Commented Oct 24, 2013 at 14:53
  • 1
    Ah, in that case you could use the sticky bit, or permissions in general to stop them from screwing them up and use a cron job, or one of the standard (configurable) log rotation utilities to automatically manage it. Generally, I've found that something like: archive anything older than 1 week (compress) and then delete anything older than 6 months works well, but it depends on the use case.
    – Adam C
    Commented Oct 24, 2013 at 14:58
  • 1
    Just for reference, logrotate is pretty standard these days, and there are other options too: linuxcommand.org/man_pages/logrotate8.html
    – Adam C
    Commented Oct 24, 2013 at 14:59

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .