LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   protect my files & directories to delete ? (http://www.linuxquestions.org/questions/linux-security-4/protect-my-files-and-directories-to-delete-917320/)

rabir 12-05-2011 09:05 PM

permission [Make my files readable ,writable but couldnot be delete] ?
 
Dear Everyone

i fell some critical thinking when setting permission for my files & directories on share zone(samba,ftp). i try to set their permission in such a way that a registered user can read & write but couldn't delete a file.

Thnaks in advance.
sorry for my bad english.

please help

corp769 12-05-2011 09:11 PM

Deleted due to confusion.

rabir 12-05-2011 11:42 PM

protect my files & directories to delete ?
 
Dear all

greetings.

i set permission on FTP files & directories as 644 & 755. but some users can delete the files inside in. how could i make my files non-deletable ?

thanks in advance for replies

corp769 12-05-2011 11:48 PM

Deleted.

rabir 12-06-2011 01:12 AM

thanks for response

my samba share configuration here
/*
[samba]
comment=public stuff
path=/samba
public=yes
create mask=0664
directory mask=0775
writable=yes

*/

now i try to protect my files to delete.
in my exixting configuration it is available to create & access.

Reuti 12-06-2011 05:51 AM

The thread started with FTP, not Samba. Are you now trying to configure an FTP server or Samba?

Reuti 12-06-2011 06:00 AM

If you grant write access to a file, it could also be emptied. Is this what you want? Usually it’s set up by disallowing a write to the directory itself (but then they also couldn’t create a file).

mesuutt 12-06-2011 06:59 AM

I hope sticky bit solve your problem .
If you add sticky bit to parent directory of files, anyone can't remove files in directory.Only file's owner can remove files :)
Code:

chmod +t <parent directory of your files>
See : http://en.wikipedia.org/wiki/Sticky_bit

corp769 12-06-2011 07:17 AM

Deleted. Sorry for any inconveniences.....

deep27ak 12-06-2011 07:54 AM

I hope you know about sticky bit

You can use this

Code:

#chmod 1664 /path/to/share
or
#chmod -R 1664 /path/to/share

change the permission as per your requirements and "1" represents sticky bit

check this link for more information on sticky bit

http://www.linuxquestions.org/questi...d-sgid-258719/

deep27ak 12-06-2011 07:56 AM

Quote:

Originally Posted by rabir (Post 4543059)
Dear Everyone

i fell some critical thinking when setting permission for my files & directories on share zone(samba,ftp). i try to set their permission in such a way that a registered user can read & write but couldn't delete a file.

Thnaks in advance.
sorry for my bad english.

please help

you have asked same type of question in two threads....?

http://www.linuxquestions.org/questi...delete-917320/

corp769 12-06-2011 08:00 AM

Ahh, that's why I referred to samba in that other one originally. I wasn't crazy after all! Thanks for pointing that out. Reporting this thread to be closed, since this thread is newer.

deep27ak 12-06-2011 08:16 AM

Quote:

Originally Posted by corp769 (Post 4543374)
Ahh, that's why I referred to samba in that other one originally. I wasn't crazy after all! Thanks for pointing that out. Reporting this thread to be closed, since this thread is newer.

Well if you are closing that thread then I will repost my answer in this thread

Quote:

Originally Posted by rabir (Post 4543374)
Dear Everyone

i fell some critical thinking when setting permission for my files & directories on share zone(samba,ftp). i try to set their permission in such a way that a registered user can read & write but couldn't delete a file.

Thnaks in advance.
sorry for my bad english.

please help

I hope you know about sticky bit

You can use this


Code:

#chmod 1664 /path/to/share
or
#chmod -R 1664 /path/to/share

change the permission as per your requirements and "1" represents sticky bit

check this link for more information on sticky bit

http://www.linuxquestions.org/questi...d-sgid-258719/

corp769 12-06-2011 08:17 AM

+1 to the sticky bit.

And sorry for any confusion before within my posts. I deleted them because nothing seemed right after reading them.

EricTRA 12-06-2011 08:30 AM

Hello,

You could also check out chattr. The advantage is that whatever attributes you change will not show with an ordinary ls, you'll need lsattr. And only root can change the attributes if you need to change them again.
Quote:

DESCRIPTION
chattr changes the file attributes on a Linux file system.

The format of a symbolic mode is +-=[acdeijstuADST].

The operator `+' causes the selected attributes to be added to the existing attributes of the files; `-' causes them to be removed; and `=' causes them to
be the only attributes that the files have.

The letters `acdeijstuADST' select the new attributes for the files: append only (a), compressed (c), no dump (d), extent format (e), immutable (i), data
journalling (j), secure deletion (s), no tail-merging (t), undeletable (u), no atime updates (A), synchronous directory updates (D), synchronous updates
(S), and top of directory hierarchy (T).

The following attributes are read-only, and may be listed by lsattr(1) but not modified by chattr: huge file (h), compression error (E), indexed directory
(I), compression raw access (X), and compressed dirty file (Z).
Kind regards,

Eric


All times are GMT -5. The time now is 08:58 PM.