samba share with read,write but no delete to users
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
samba share with read,write but no delete to users
Hi Team,
I am using a samba sever as sharing the dir /home/rncit.
All the users login to server by user rncit.I need to set rights read,write,create,modify but no delete by user rncit on windows clients for /home/rncit.
Could you please help me how i can do this?
I am totally blocked here
Well, you could add the 'recycle' option to your [homes] share definition:
Code:
[homes]
comment = Home Directories
browseable = no
writable = yes
users = %S
only user = %S
vfs objects = recycle
It won't stop them from "deleting" a file (by their perception), but will just move the files they try to delete to a hidden ".Recycle" folder at the top level of the share. The problem you have is the fact that they have write permissions, which, in the general translations of Windows permissions to linux permissions, will allow them to delete.
The other option is looking into the "acl check permissions" for the share (e.g. man smb.conf), but it seems that with all the latest changes in Windows security, trying to run that level of granular permission checks between the two systems may be problematic at best, exasperating at worst.
If a user has read and write permissions, then a file can be opened and all the content removed. This renders ineffective the lack of an ability to delete a file as a protection from malicious alteration.
If a user has read and write permissions, then a file can be opened and all the content removed. This renders ineffective the lack of an ability to delete a file as a protection from malicious alteration.
So the question is: What is the difference between write permission and delete permission? I guess it is easy to accidentally delete 10,000 files, but hard to accidentally overwrite them. However a malicious user could easily overwrite 10,000 files.
If this is a concern, perhaps frequent incremental backups would give some protection, or version control (revision control).
The way *nix perms work is that 'rw' perms on the file itself only apply to the file content aka data (or code if a program).
'w' perms on the containing dir dictate file creation/deletion; read that again slowly... there's no 'delete' perm.
Being able to 'write' to a dir means being able to create OR delete files inside that dir.
You can add the sticky bit 't' to the global perms see eg /tmp
Code:
drwxrwxrwt. 19 root root 4096 May 24 10:50 tmp
which means that only the creating file's owner (or root) can delete the file.
Note that for personal home dirs, it shouldn't be an issue, just for shared dirs.
In any case, its really down to training the users and backups (only counts if you've done test restores....).
Thanks a lot.
I set the permissions as follows:
chown -R root:root /home/rncit/
chmod +t /home/rncit/
after doing this permission as showing:
drwxrwxrwt 107 root root 430080 May 24 10:27 rncit
when i try to delete something by windows share, It did not prevent to deletion and renaming the file.
Actually i have to prevent the following path:
\\10.XX.XX.XX\rncit\
please do the needful as its very critical for me.
Hi team,
After a lot of googling,got the resolution.
login to system at root
root@localhost#chown -R root:root /path/dir/
root@localhost#chmod -R 1777 /path/dir/
root@localhost#service smb restart
After doing this,user are allowed only read,write,modify but not delete and rename file at samba share.
Make a entry in crontab file for schedule the task at specified time. so newly created file not be created or renamed.
@Team:I am looking forward to edit the crontab file. Could you please help me to do this?
Thanks and Regards
Boby
Last edited by boby.kumar; 05-25-2013 at 04:55 AM.
Thanks a lot for the support you have been providing to me. Again looking for help here regarding samba share.
Actually I need to share the following path to samba share:/home/rncit/, and its successfully done. but problem is that A root share is also shared.A snapshot is given below..
RNCIT ROOT
PRINTER AND FAXES
When I run the following command to delete the samba root user, getting the following error..
[root@em1 ~]# smbpasswd -x root
Failed to delete entry for user root.
Could you please help me how to remove this problem as now totally stucked here?
Another command I run for disable the samba root user:[root@em1 ~]# smbpasswd -d root
Disabled user root.
Samba is not accessible here.
Please do the needful to overcome this problem.
NOTE: I need to share only RNCIT share for samba share
Thanks and Regards
Boby
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.