I am using Samba from a Windows client to set some access rights on an FTP server on Linux.
I created a folder and I want a user to be able to write in that folder (put a file, for example), but once he has done that, he can't delete or rename the file.
Distribution: Ubuntu 16.04.7 LTS, Kali, MX Linux with i3WM
Surely setting the sticky bit still allows the user to delete and rename his/her files? It just prevents other users doing such to someone else's files.
I haven't tinkered with Samba for a while, but if a user has write access to a directory, then even if you confer read-only permissions on any file created within that directory, the directory's write privileges take precedence over the file permissions. Hence, you would be able to delete and rename the file created within this directory even if you use the "force create mask 0400" line in your smb.conf file. Perhaps someone can correct me if I'm wrong.
EDIT: Balebel, I'm a tad confused after re-reading your post. I get the impression that it could be your FTP server which needs reconfiguring. If you are using VSFTP you will have to alter your vsftpd.conf file.
file_open_mode
The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.
Default: 0666
Obviously change the permission to your desired level of security.
I visited the mentioned links, thank you very much.
I will explain my problem another way:
When I create a directory and give the rights 'rwx' to the user, the 'w' one brings with it the ability to add, remove and rename files in that directory.
So, I used the smb.conf 'create mask=470' to take away the right to delete the file. But that concerns only files created in the directory; the directory itself still carries the right to rename files created in it. So, I tried to use 'directory mask=0555' to make the directory read-only. On the other hand, I have 'writable=yes'. It's a contradiction. Is there any way to keep 'writable=yes' while changing 'directory mask'?
Distribution: Ubuntu 16.04.7 LTS, Kali, MX Linux with i3WM
Babel, the permissions of the directory will always override anything you have in your smb.conf file. So, for example, if your Samba share directory permission is drwx------ (0700), i.e. read, write, execute for the user only, then even if your "create mask" is different and creates "read only" files, the user will still be able to delete the file because the directory permission is 0700. I do not think that there is a way around it. Directory permissions always override the smb.conf.
Samba comes with different types of permissions for a share. Try to remember a few things about UNIX and Samba permissions.
(a) Linux system permissions take precedence over Samba permissions. For example, if a directory does not have Linux write permission, setting Samba writeable = Yes (see below) will not allow writing to the shared directory / share.
(b) The filesystem permission cannot take priority over Samba permission. For example, if the filesystem is mounted as read-only, setting writeable = Yes will not allow writing to any shared directory or share via the Samba server.
As mentioned previously, you could set the sticky bit and this will allow ONLY the user and no one else to delete his/her file.
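The directory-versus-file permission behaviour discussed in the replies above can be checked locally with the following added example, which is not part of any poster's message. The names `share` and `report.txt` are constructed, everything happens in a throwaway `mktemp` directory, and the script should be run as a normal user because root bypasses these permission checks.

```shell
#!/bin/sh
# Added demo: whether a file can be renamed/deleted depends on the
# permissions of the directory that holds it, not on the file's own mode.

# try_rename_delete DIR_MODE
# Creates a read-only (0400) file in a directory with DIR_MODE, then tries
# to rename and delete it as the owning user. Prints "allowed" or "denied".
try_rename_delete() {
    dir_mode=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/share"
    echo "uploaded data" > "$work/share/report.txt"
    chmod 0400 "$work/share/report.txt"   # read-only file, like a restrictive create mask
    chmod "$dir_mode" "$work/share"       # the mode under test

    # Rename and unlink both modify the directory entry, so they need
    # write+execute on the directory, not write on the file.
    if mv "$work/share/report.txt" "$work/share/renamed.txt" 2>/dev/null &&
       rm -f "$work/share/renamed.txt" 2>/dev/null; then
        result=allowed
    else
        result=denied
    fi

    chmod 0700 "$work/share"              # restore access so cleanup works
    rm -rf "$work"
    echo "$result"
}

# 0700: writable directory          -> the 0400 file can still be renamed/deleted
# 1777: sticky bit, file owned by us -> the owner can still rename/delete
# 0555: directory not writable       -> denied (unless running as root)
for mode in 0700 1777 0555; do
    printf 'directory mode %s: rename+delete %s\n' "$mode" "$(try_rename_delete "$mode")"
done
```
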
Hi uncle-c,
Thank you for your explanation.
I have a little question: does changing the ownership of a file with 'force user' on the creation of a file remove the ownership of the user who connected to the shared directory and created the file?