Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The ability to delete a file (symbolic links are just pointer files) from a directory, requires write permissions to the directory the file is in. If you take away write permission for those users, they will not be able to delete the file.
If those users really need write permission to that directory, the is another alternative. You can set the "sticky" bit on the directory.
The sticky bit allows users to only delete files they own, even
though many users have write access to the directory.
To set the permissions on the directory, use
chmod 1777 /tmp
permissions will look like this:
ls -ld /tmp
drwxrwxrwt 37 root root 51200 May 2 20:08 /tmp
I have a symlink in /home/samba/public that points to /some/path, my samba directory is read only(dr-xr-xr-x), but the symlink gets created with lrwxrwxrwx permission. I'we recreated the link several times but the permissions are the same lrwxrwxrwx
Is there anything else i should do?
Symlinks will always have those permissions. In the case of symlinks you have to be either the owner or a member of the symlink's group to delete it. Of course, if an upper level directory is keeping you from getting there, that doesn't matter.
If you want to keep someone from accessing your file via the symlink you just need to set the permissions on your file to be restrictive enough, and (unfortunately) if you want them to be able to access it (and it points into your home directory), they would have to be able to access it via the direct path as well (as far as permissions go), so you'd be giving up some security.
Symlinks will always have those permissions. In the case of symlinks you have to be either the owner or a member of the symlink's group to delete it.
This is not correct in my case because the owner of the symlink is root(lrwxrwxrwx 1 root root), and users are still able to delete them.
I applied the desired secutiry permissions on the target directory, it's just that users ca delete the symlinks and cause (un)intentional problems. Is there any other way to make symlinks undeletable?
It sounds like the key to your problem is in samba.
The base user of samba is root which means it can
can delete any file reguardless of the directory permissions.
Do users need write permission on this share? If
not, make sure smb.conf has this share set with read only = no.
There may be some other settings in samba to look at also,
like force user = pubic.
A work around would be to create a shell script to checks for the
link and recreates if it gets deleted.
#!/bin/bash
# Create deleted symbolic link
LINKNAME=/home/samba/public/link
while [ forever ]
do
if [ ! -e "$LINKNAME" ]
then
ln -s /home/samba/public/orginalfile $LINKNAME
## Wait one minute and check again VERY IMPORTANT LINE
sleep 60 # Could wait 5m (5 minutes, etc) done run too often
done
This could be put in the smbd startup script right after
the "start)" line to execute on reboot.
rlhartmann you were right in your first post, i had to make the directory the symlink is in read only for users, and now thei can't delete the symlinks.
Thanks everyone for helping.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.