Hi Everybody,

I am using samba from a windows client to put some rights access on FTP server on Linux.
I created a folder and I want that a user can write in that folder (put a file for example), but, once he did that, he can't delete or rename the file.

Please help me,
I am really blocked

you can set sticky bit on that folder which you samba share .

http://freebooks.by.ru/view/SambaIn24h/ch07-03.htm

Surely setting the sticky bit still allows the user to delete and rename his/her files ? It just prevents other users doing such to someone else's files.
I haven't tinkered with Samba for a while but if a user has write access to a directory then even if you confer read only permissions to any file created within that directory because the directory itself has write privileges this takes precedence over file permissions. Hence, you would be able to delete and rename the file created within this directory even if you use the "force create mask 0400 " line in your smb.conf file. Perhaps someone can correct me if I'm wrong.

EDIT: Balebel, Im a tad confused after re-reading your post. I get the impression that it could be your FTP server which needs reconfiguring. If you care using VSFTP you will have to alter you vsftpd.conf file

http//vsftpd.beasts.org/vsftpd_conf.html

Relevant section :

file_open_mode
The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.

Default: 0666

Obviously change the permission to your desired level of security.

Thank you for your quick responses,

I visited the mentioned links, thank you very much.
I will explain you my problem in another way:
when I create a directory and give the rights 'rwx' for the user, the 'w' one brings with it the fact of adding, removing and renaming files in that directory.
So, I used the smb.conf 'create mask=470' to deprive the right of deleting the file. But, that concerns only files created on the directory,but, the directory it self still contains the right to rename files created in it. so, I tried to use 'directory mask=0555' to make the directory read only. In the other hand, I have 'writable=yes'. It's a contradiction. Is there any way to let 'writable=yes' but changing 'directory mask'.

I hope that you help me

Babel, the permissions of the directory will always override anything you have in your smb.conf file. So for example if your samba share directory permission is : drwx------ (0700) i.e read, write, execute user only, then even if your "create mask" is different and creates "read only" files because the directory permission is 0700, user will still be able to delete the file. I do not think that there is a way around it. Directory permissions always override the smb.conf

http://www.cyberciti.biz/tips/how-do...ba-shares.html

Permission precedence

Samba comes with different types of permissions for share. Try to remember few things about UNIX and Samba permissions.
(a) Linux system permissions take precedence over Samba permissions. For example if a directory does not have Linux write permission, setting samba writeable = Yes (see below) will not allow to write to shared directory / share.

(b) The filesystem permission cannot be take priority over Samba permission. For example if filesystem mounted as readonly setting writeable = Yes will not allow to write to any shared directory or share via samba server.

AS mentioned previously you could set the stickey bit and this will allow ONLY user and no one else to delete his/her file.

Hi uncle-c,
Thank you for your explanation.
I have a little question: Did the changing of ownership of a file used with 'force user' on the creation of a fil delete the ownership of the user who connected on the shared dirctory and created the file?