samba question

jayakrishnan · 05-08-2003, 12:53 AM

hi all

in samba how do i set the permisions so that the file/dir is writeable but not deletable

thanks

Sutekh · 05-09-2003, 12:19 AM

the samba permissions are basically unix permissions so if you can write you can delete

dorian33 · 05-09-2003, 03:12 PM

if you are using ext2 or ext3 check chattr +u filename

jayakrishnan · 05-22-2003, 11:43 PM

thanks all but i got a bettr option

here it is

chmod -R 1777 <directory>

this will make the directory readable,wireable,executable to user,group,others but they will not be able to delete it

jayakrishnan · 05-22-2003, 11:50 PM

but i have another problem when i create a subdirectory within the main directory for which i have set the above perms i am able to delete it, it does not get the same permissions

what should i do for that

thanks

regards
jayakrishnan

Sutekh · 05-23-2003, 03:11 AM

good point, forgot the sticky bit!

anyway you should be able to set the smb.conf options

directory mask = 1777
create mask = 1777
force user=root

to acheive this effect.

AFAIK the sticky bit allows only the ownder of the directory to delete it so in this case if you created it you could delete it, but no one else could. The above force user option means all files/dir's are created as if from that user so use root or some other uid that is not normally used.

jayakrishnan · 05-23-2003, 03:44 AM

thanks suketh

jayakrishnan · 05-23-2003, 04:04 AM

I added the those statements to my smb.conf file but the user is able to delete the file/directory, even though the full permissions
have been set

rwxrwxrwt

the user nad group of the file is root

jayakrishnan · 05-23-2003, 04:08 AM

AFAIK

force user=root

connects to the server as a root user, that means the connecting user has the full perms

Sutekh · 05-23-2003, 04:21 AM

oops so it does, I had never used it and hadn't really thought that through. I guess you could run a script to change the owner or each directory and put the script into cron but that is a bit kludgey, besides it is possible for the directory to be quickly created and deleted in this way anyway. I will have to have a closer look

jayakrishnan · 06-01-2003, 04:01 AM

Hi

can some one help me with this

regards
jayakrishnan

gupi · 06-01-2003, 06:53 AM

Quote:

force create mode (S)

This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created or having its permissions changed. The default for this parameter is (in octal) 000. The modes in this parameter are bitwise 'OR'ed onto the file mode after the mask set in the create mask parameter is applied.

See also the parameter create mask for details on masking mode bits on files.

See also the inherit permissions parameter.

Default: force create mode = 000

Example: force create mode = 0755

would force all created files to have read and execute permissions set for 'group' and 'other' as well as the read/write/execute bits set for the 'user'.

Now all you have to do is take a closer look at the smb.conf(5) man page

Sutekh · 06-01-2003, 08:20 AM

gupi,

the problem is that the user that owns the directory/file has write permission and therefore can delete, this is the original problem jayakrishnan was trying to get around. We have already discussed useing the create mask's to set the sticky bit but this still does not help if the person trying to delete owns the file.