Is there a sneaky way to allow writes but not allow deletes to a given folder's contents?
Trying to allow people to write to a Samba share but prevent them from deleting theirs or others' files.
Is there a way to do a chown -R 555 on files but not directories?
Then I could have a mask of say 777 and run the above in a cron every hour to make the files read only but still allow people to create new files within the directories?
Last edited by jedimastermopar; 03-13-2008 at 05:03 PM.
Is there a sneaky way to allow writes but not allow deletes to a given folder's contents?
Trying to allow people to write to a Samba share but prevent them from deleting theirs or others' files.
Is there a way to do a chown -R 700 on files but not directories?
Then I could have a mask of 777 and run the above in a cron every hour to make the files read only but still allow people to create new files within the directories?
If you allow people to write to a file then they can destroy the file by writing garbage to the file. They don't have to be able to delete a file in order to destroy it. So allowing people to write to a file but not delete the file does not protect the file.
As to preventing people destroying other people's files the way to do that is to have the ownership and permissions for new files set up so that people cannot write to or delete files created by other users.
I suppose that you could make a user's existing files read only every few minutes with cron. However in any situation that I can imagine a good backup and recovery system is more useful than disallowing users from revising or deleting their own data.
I don't want them to be able to write to them or delete either, I want them to be read only, but also allow them to write new files to the folders, and create new folders.
One thing that I thought would work was to set the two variables like this.
force create mode = 055
force directory mode - 6777
but when I create new files via a samba user in the share the files are all 777 and not 555 as I would have thought?
Also the reason we don't want to allow editing and deleting on this share is that we need to keep track of all file edits done, the idea is that people will version the files as they edit them.
Last edited by jedimastermopar; 03-13-2008 at 05:18 PM.
OK, well, I figured out how to get what I wanted but I think I would still rather be able to cron a chmod 444 to not include the directories. This would allow people to be able to delete things they put in by mistake for a certain amount of time. Like run the cron nightly, to make the files read only.
I changed the
force create mode
to
create mask
Any ideas on how to change the permissions on files recursively while leaving the directories' permissions intact?
AFAIK you don't. You can use an application that front-ends versioning as in SVN or CVS or a filesystem that allows versioning or snapshotting like CopyFS (uses FUSE) or ext3cow (usable but missing fsck). BTW, maybe also look into inotify tools like inotifywait since you could do stuff like trigger a copy on change.
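One way to do the nightly "chmod 444 on files but not directories" asked about above, as an added example that is not part of the original thread: `find` selects regular files only and skips anything modified within a grace period. The function name, share path, script path and 1440-minute default are assumptions.

```shell
#!/bin/sh
# Added example: nightly "freeze" of a shared tree. Regular files become
# read-only; directories keep their mode so new files/folders can be created.
# The share path and grace period below are assumptions, not from the thread.

# lock_old_files DIR [GRACE_MINUTES]
#   DIR            root of the shared tree
#   GRACE_MINUTES  files modified more recently than this are left alone,
#                  giving users a window to fix mistakes (default: 1440)
lock_old_files() {
    dir=$1
    grace=${2:-1440}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    case $grace in
        ''|*[!0-9]*) echo "grace must be whole minutes: $grace" >&2; return 1 ;;
    esac

    # -xdev        do not cross into other mounted filesystems
    # -type f      regular files only: directories and symlinks are skipped
    # -mmin +N     last modified more than N minutes ago
    # ! -perm 444  skip files that are already 0444, so reruns are cheap
    # -exec ... +  batch many paths into each chmod call
    find "$dir" -xdev -type f -mmin +"$grace" ! -perm 444 -exec chmod 444 {} +
}

# Run directly, e.g. from root's crontab (hypothetical paths):
#   0 2 * * * /usr/local/sbin/lock-share.sh /srv/samba/share 1440
if [ "$#" -gt 0 ]; then
    lock_old_files "$@"
fi
```

On a local filesystem, file modes only stop overwrites; whether an entry can be removed is decided by write permission on its parent directory, which this script leaves unchanged.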