LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-06-2011, 03:26 AM   #1
balebel
LQ Newbie
 
Registered: Apr 2011
Posts: 10

Rep: Reputation: 0
access rights on files Samba Linux


Hi Everybody,

I am using samba from a windows client to put some rights access on FTP server on Linux.
I created a folder and I want that a user can write in that folder (put a file for example), but, once he did that, he can't delete or rename the file.

Please help me,
I am really blocked
 
Old 04-06-2011, 03:31 AM   #2
sandy.bhadoriya
Member
 
Registered: Dec 2010
Posts: 31

Rep: Reputation: 3
you can set sticky bit on that folder which you samba share .

http://freebooks.by.ru/view/SambaIn24h/ch07-03.htm
 
Old 04-06-2011, 03:57 AM   #3
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Rep: Reputation: 30
Surely setting the sticky bit still allows the user to delete and rename his/her files ? It just prevents other users doing such to someone else's files.
I haven't tinkered with Samba for a while but if a user has write access to a directory then even if you confer read only permissions to any file created within that directory because the directory itself has write privileges this takes precedence over file permissions. Hence, you would be able to delete and rename the file created within this directory even if you use the "force create mask 0400 " line in your smb.conf file. Perhaps someone can correct me if I'm wrong.

EDIT: Balebel, Im a tad confused after re-reading your post. I get the impression that it could be your FTP server which needs reconfiguring. If you care using VSFTP you will have to alter you vsftpd.conf file

http//vsftpd.beasts.org/vsftpd_conf.html

Relevant section :

file_open_mode
The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.

Default: 0666


Obviously change the permission to your desired level of security.

Last edited by uncle-c; 04-06-2011 at 05:15 AM.
 
Old 04-06-2011, 07:43 AM   #4
balebel
LQ Newbie
 
Registered: Apr 2011
Posts: 10

Original Poster
Rep: Reputation: 0
Thank you for your quick responses,

I visited the mentioned links, thank you very much.
I will explain you my problem in another way:
when I create a directory and give the rights 'rwx' for the user, the 'w' one brings with it the fact of adding, removing and renaming files in that directory.
So, I used the smb.conf 'create mask=470' to deprive the right of deleting the file. But, that concerns only files created on the directory,but, the directory it self still contains the right to rename files created in it. so, I tried to use 'directory mask=0555' to make the directory read only. In the other hand, I have 'writable=yes'. It's a contradiction. Is there any way to let 'writable=yes' but changing 'directory mask'.

I hope that you help me
 
Old 04-06-2011, 08:49 AM   #5
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Rep: Reputation: 30
Babel, the permissions of the directory will always override anything you have in your smb.conf file. So for example if your samba share directory permission is : drwx------ (0700) i.e read, write, execute user only, then even if your "create mask" is different and creates "read only" files because the directory permission is 0700, user will still be able to delete the file. I do not think that there is a way around it. Directory permissions always override the smb.conf

http://www.cyberciti.biz/tips/how-do...ba-shares.html

Permission precedence

Samba comes with different types of permissions for share. Try to remember few things about UNIX and Samba permissions.
(a) Linux system permissions take precedence over Samba permissions. For example if a directory does not have Linux write permission, setting samba writeable = Yes (see below) will not allow to write to shared directory / share.

(b) The filesystem permission cannot be take priority over Samba permission. For example if filesystem mounted as readonly setting writeable = Yes will not allow to write to any shared directory or share via samba server.


AS mentioned previously you could set the stickey bit and this will allow ONLY user and no one else to delete his/her file.

Last edited by uncle-c; 04-06-2011 at 08:54 AM.
 
Old 04-07-2011, 12:21 PM   #6
balebel
LQ Newbie
 
Registered: Apr 2011
Posts: 10

Original Poster
Rep: Reputation: 0
Hi uncle-c,
Thank you for your explanation.
I have a little question: Did the changing of ownership of a file used with 'force user' on the creation of a fil delete the ownership of the user who connected on the shared dirctory and created the file?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple mounted samba directory with bad access rights ToK Linux - Server 0 03-22-2008 05:23 AM
Samba Access Rights esasse Linux - Newbie 6 12-22-2004 07:45 AM
Access Rights using Samba Nylix Linux - Newbie 1 05-14-2004 04:01 PM
Samba and access rights schaf Linux - Newbie 1 08-14-2003 10:19 AM
Samba Access rights ppuddick Linux - Networking 2 07-17-2002 12:28 PM


All times are GMT -5. The time now is 06:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration