It doesn't have to be, does it? Drop the S_IWOTH from it.

cryptonector · 2024-10-22T21:55:01.000000Z

But you'll have to have all users be members of the group then. That gets you nothing.

Joker_vD · 2024-10-22T22:19:46.000000Z

No you don't have to?

    joker@e2509h:~/test_tmp$ ll
    total 12K
    drwxr-xr-x  3 joker joker 4.0K Oct 22 22:12 ./
    drwxr-x--- 11 joker joker 4.0K Oct 22 22:12 ../
    drwxr-xr-x  3 root  root  4.0K Oct 22 22:13 tmp/
    joker@e2509h:~/test_tmp$ cd tmp
    joker@e2509h:~/test_tmp/tmp$ ll
    total 12K
    drwxr-xr-x 3 root  root  4.0K Oct 22 22:13 ./
    drwxr-xr-x 3 joker joker 4.0K Oct 22 22:12 ../
    drwxr-xr-x 2 joker joker 4.0K Oct 22 22:13 joker/
    -rw-r--r-- 1 root  root     0 Oct 22 22:15 z
    joker@e2509h:~/test_tmp/tmp$ touch x
    touch: cannot touch 'x': Permission denied
    joker@e2509h:~/test_tmp/tmp$ rm z
    rm: remove write-protected regular empty file 'z'? y
    rm: cannot remove 'z': Permission denied
    joker@e2509h:~/test_tmp/tmp$ touch joker/x
    joker@e2509h:~/test_tmp/tmp$ ll joker
    total 8.0K
    drwxr-xr-x 2 joker joker 4.0K Oct 22 22:13 ./
    drwxr-xr-x 3 root  root  4.0K Oct 22 22:15 ../
    -rw-r--r-- 1 joker joker    0 Oct 22 22:13 x
    joker@e2509h:~/test_tmp/tmp$ rm joker/x
    joker@e2509h:~/test_tmp/tmp$

Looks like it works just fine.