Prevent directory moving and renaming on samba share
I have a Samba shared network drive. It's smb.conf attributes are:
Code:
readonly = no All that works fine in that all Windows users can read/update any files and folders on this share. However, I now want some of the directories to have unchangeable names since certain paths get stored in the database. For example I need: Code:
drwxrwx--x 14 user group 4096 2022-12-22 10:12 Accts\ Payable\ -\ ofc/ Can this be done? |
The ONLY way I know to get that behavior is to allow only READ ONLY access on those files and folders, and in some cases even THAT does not suffice.
At a previous work location I advised to allow access using SAMBA only to a select group, and make the rest operate clients over network using only the application protocol or SFTP protocol. Where they did not take my advice remediation for accidental file or folder moves was routine. (( I am not always right, but when I am I remember FOREVER! ;-) )) |
Quote:
As noted by wpeckham, accidental file or folder moves are a 'feature' of Windows/SMB file shares. You can't disable drag & drop in Windows, so any Windows user who has permissions to write to that share can cause havoc. If you do a search, you will find many, many forum posts by exasperated admins about this very big problem. What I've done at the office on the client machines is something like this: https://www.top-password.com/blog/di...in-windows-10/ It doesn't disable drag and drop, just decreases its sensitivity. Users will complain about their computer being slow to respond, but it does go some way to preventing accidental moves. If you're running an AD server, you might be able to set this as group policy, but I don't know because I haven't tried. |
hmm, that sucks. So I can't even use Access Control Lists for this?
|
is it an ext4 filesystem (that you want to access from windows)? Or?
|
Quote:
There is another solution: https://github.com/broken-e/DragDropConfirm. This causes a confirmation dialog box to pop-up every time someone tries to move or rename a file or directory. You'd need to install it at the client end... and trust that your users aren't stupid enough to click OK instead of Cancel. |
All times are GMT -5. The time now is 04:33 PM. |