Help required with samba... deny delete but allow write?
Hi there,
Is there a way to allow some user write access to a share but deny delete? The users will need write access to some folders, but since everyone logs in to the linux/samba share with the same username and password (dumb people, they don't like different users/passwords), they will sometimes try to delete others' files. So is there a samba config directive so that, let's say, user TOM has write access to \\somemachine\SHARE but he cannot delete what he already copied there? I hope I made myself pretty clear; if not, excuse me, I'm typing after 16 hours of work. Thank you
You could use the "sticky bit" trick. I don't quite remember, but I think this permission bit makes sure no one can delete a file but the owner. With samba, you could make sure the owner is always "someone" even if your clients are using "anyone".
You can set this with "chmod 1755 a_file" as an example. Of course, you will have to set something like this as the default permission in samba.
Do some searching about it, I'm not quite sure if I am telling you total bs or if my memory is right. Search about the fourth permission byte (meaning: UID = 4XXX, GID = 2XXX, SID = 1XXX)
I think sticky bit doesn't help, because if the sticky bit is set, the owner of a file still can delete it. In this situation all the people are logged with the same login, so they all are the owners of files they create. I have exactly the same problem and I have not found the solution yet.
As I said, you could set samba so that ALL files created belong to a certain user (let's call it samba_user) even if they are created by another user (bill, bob, joe).
So even if "Bill", "Bob" or "Joe" create a file with permission 777 (read/write/execute) they won't be able to delete it because it will be owned by "samba_user" and so with sticky bit, only "samba_user" will be able to remove it.
Do you have many Linux users connecting to a share on a Windows box or the obverse? Since the "sticky bit" is only available on Linux file systems, I suspect the latter; but, in the former case, I think you can do it with NTFS permission settings.
On the other hand, again, just a thought, but aren't FTP sites sometimes set up with "no delete" permissions on their upload directories? If so, you might be able to see how they do it, and adapt that scheme to your situation.
One other thought: If everyone is connecting using the same userid, how can you tell that TOM instead of JERRY created any specific file? If you can't tell them apart on the server side of the Samba wall, I don't see that you have any hope of solving your problem.
If you can distinguish TOM from JERRY, why not set up different accounts on the server for them, and proxy a connection (through localhost) for them in their own account. You wouldn't even have to tell them that they had accounts on the server . . .
Just a vague thought, sorry it doesn't help much -- "The devil is in the details."
Sorry Half_Elf. I understood the next part of your previous post after the same idea occurred to me: to make the owner of all files the same person, for example "root".
I have samba on a linux server and a few different windows clients (xp, 95, 98). So far I am trying to test it on one client with xp. Is the sticky bit useful in this case?
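
The sticky-bit question debated in this thread, as an added example that is not part of any post: a small Python model of the check Linux applies when a process unlinks a file, run over the scenarios the posters describe. It is a simplified model (classic mode bits only, no ACLs or Samba-level options), and the UIDs and scenario names are constructed for illustration.

```python
import stat

def dir_write_search_ok(dir_mode, dir_uid, dir_gid, uid, gids):
    """Classic owner/group/other check for write+search on the parent directory."""
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (dir_mode & need) == need

def may_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids=()):
    """Model of the unlink() permission decision for a file in a directory."""
    if uid == 0:
        return True  # root bypasses both the mode bits and the sticky bit
    if not dir_write_search_ok(dir_mode, dir_uid, dir_gid, uid, gids):
        return False  # deleting needs write+search on the directory itself
    if dir_mode & stat.S_ISVTX:
        # Sticky directory: only the file's owner or the directory's owner may delete.
        return uid in (file_uid, dir_uid)
    return True  # without the sticky bit, directory write access is enough

# Constructed UIDs: the share directory belongs to ADMIN; SHARED is the single
# login everyone uses; TOM and JERRY are hypothetical separate accounts.
ADMIN, SHARED, TOM, JERRY = 1000, 1001, 1002, 1003
STICKY_SHARE = 0o1777  # world-writable with the sticky bit, like /tmp
PLAIN_SHARE = 0o0777   # world-writable, no sticky bit

def scenarios():
    """Return {description: delete allowed?} for the cases raised in the thread."""
    return {
        "shared login deletes a file created under the same login":
            may_delete(STICKY_SHARE, ADMIN, ADMIN, SHARED, SHARED),
        "tom deletes jerry's file, sticky bit set":
            may_delete(STICKY_SHARE, ADMIN, ADMIN, JERRY, TOM),
        "tom deletes his own file, sticky bit set":
            may_delete(STICKY_SHARE, ADMIN, ADMIN, TOM, TOM),
        "tom deletes jerry's file, no sticky bit":
            may_delete(PLAIN_SHARE, ADMIN, ADMIN, JERRY, TOM),
    }

if __name__ == "__main__":
    for case, allowed in scenarios().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {case}")
```

The decision depends on the UID the server process acts as, so the sticky bit only separates users who reach the filesystem under different UIDs.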