LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-23-2013, 12:10 PM   #1
boby.kumar
Member
 
Registered: Mar 2013
Posts: 94

Rep: Reputation: Disabled
samba share with read,write but no delete to users


Hi Team,
I am using a samba sever as sharing the dir /home/rncit.
All the users login to server by user rncit.I need to set rights read,write,create,modify but no delete by user rncit on windows clients for /home/rncit.

Could you please help me how i can do this?
I am totally blocked here

thanks and Regards
Boby
 
Old 05-23-2013, 02:43 PM   #2
ShadowCat8
Member
 
Registered: Nov 2004
Location: Ontario, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 241

Rep: Reputation: 52
Greetings,

Well, you could add the 'recycle' option to your [homes] share definition:
Code:
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        users = %S
        only user = %S
        vfs objects = recycle
It won't stop them from "deleting" a file (by their perception), but will just move the files they try to delete to a hidden ".Recycle" folder at the top level of the share. The problem you have is the fact that they have write permissions, which, in the general translations of Windows permissions to linux permissions, will allow them to delete.

The other option is looking into the "acl check permissions" for the share (e.g. man smb.conf), but it seems that with all the latest changes in Windows security, trying to run that level of granular permission checks between the two systems may be problematic at best, exasperating at worst.

HTH. Let us know.
 
Old 05-23-2013, 07:17 PM   #3
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,680

Rep: Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566Reputation: 1566
If a user has read and write permissions, then a file can be opened and all the content removed. This renders ineffective the lack of an ability to delete a file as a protection from malicious alteration.
 
Old 05-23-2013, 08:25 PM   #4
Beryllos
Member
 
Registered: Apr 2013
Location: Massachusetts
Distribution: Debian
Posts: 362

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by allend View Post
If a user has read and write permissions, then a file can be opened and all the content removed. This renders ineffective the lack of an ability to delete a file as a protection from malicious alteration.
So the question is: What is the difference between write permission and delete permission? I guess it is easy to accidentally delete 10,000 files, but hard to accidentally overwrite them. However a malicious user could easily overwrite 10,000 files.

If this is a concern, perhaps frequent incremental backups would give some protection, or version control (revision control).
 
Old 05-23-2013, 08:54 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
The way *nix perms work is that 'rw' perms on the file itself only apply to the file content aka data (or code if a program).

'w' perms on the containing dir dictate file creation/deletion; read that again slowly... there's no 'delete' perm.
Being able to 'write' to a dir means being able to create OR delete files inside that dir.

You can add the sticky bit 't' to the global perms see eg /tmp
Code:
drwxrwxrwt.  19 root root  4096 May 24 10:50 tmp
which means that only the creating file's owner (or root) can delete the file.

Note that for personal home dirs, it shouldn't be an issue, just for shared dirs.

In any case, its really down to training the users and backups (only counts if you've done test restores....).

HTH
 
1 members found this post helpful.
Old 05-24-2013, 02:20 AM   #6
boby.kumar
Member
 
Registered: Mar 2013
Posts: 94

Original Poster
Rep: Reputation: Disabled
Thanks a lot.
I set the permissions as follows:
chown -R root:root /home/rncit/
chmod +t /home/rncit/
after doing this permission as showing:
drwxrwxrwt 107 root root 430080 May 24 10:27 rncit

when i try to delete something by windows share, It did not prevent to deletion and renaming the file.

Actually i have to prevent the following path:
\\10.XX.XX.XX\rncit\

please do the needful as its very critical for me.

Thanks and Regards
Boby
 
Old 05-24-2013, 02:42 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 9,876

Rep: Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908
probably you can remove the write permission on dirs, in that case files cannot be renamed/created/deleted.
 
Old 05-25-2013, 05:54 AM   #8
boby.kumar
Member
 
Registered: Mar 2013
Posts: 94

Original Poster
Rep: Reputation: Disabled
Hi team,
After a lot of googling,got the resolution.
login to system at root
root@localhost#chown -R root:root /path/dir/
root@localhost#chmod -R 1777 /path/dir/
root@localhost#service smb restart

After doing this,user are allowed only read,write,modify but not delete and rename file at samba share.

Make a entry in crontab file for schedule the task at specified time. so newly created file not be created or renamed.

@Team:I am looking forward to edit the crontab file. Could you please help me to do this?

Thanks and Regards
Boby

Last edited by boby.kumar; 05-25-2013 at 05:55 AM.
 
Old 05-26-2013, 08:20 PM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
http://www.adminschoice.com/crontab-quick-reference
 
Old 06-25-2013, 11:02 AM   #10
boby.kumar
Member
 
Registered: Mar 2013
Posts: 94

Original Poster
Rep: Reputation: Disabled
hfgf

Last edited by boby.kumar; 06-26-2013 at 12:01 AM. Reason: dulplicate posting
 
Old 06-25-2013, 11:59 PM   #11
boby.kumar
Member
 
Registered: Mar 2013
Posts: 94

Original Poster
Rep: Reputation: Disabled
Hi Team

Thanks a lot for the support you have been providing to me. Again looking for help here regarding samba share.

Actually I need to share the following path to samba share:/home/rncit/, and its successfully done. but problem is that A root share is also shared.A snapshot is given below..

RNCIT ROOT

PRINTER AND FAXES

When I run the following command to delete the samba root user, getting the following error..

[root@em1 ~]# smbpasswd -x root
Failed to delete entry for user root.

Could you please help me how to remove this problem as now totally stucked here?

Another command I run for disable the samba root user:[root@em1 ~]# smbpasswd -d root
Disabled user root.

Samba is not accessible here.

Please do the needful to overcome this problem.

NOTE: I need to share only RNCIT share for samba share
Thanks and Regards
Boby
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to automount a Samba network share read-write for multiple users on boot? ask Linux - General 2 01-02-2012 04:33 AM
Samba share read only for guests and write for some specific users ^andrea^ Linux - Server 6 06-21-2011 06:42 PM
Find users how read/write/delete in a directory aclica Linux - Newbie 4 11-14-2007 07:41 AM
Why can I not write to a SAMBA share when read/write is enabled? eric m Linux - General 4 08-21-2006 10:22 PM
samba share with write but not delete Red Squirrel Linux - Software 7 08-29-2004 07:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration