Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
Rep:
samba share with write but not delete
Is there a way to set a samba share so you can write, but not delete? I want to make a backup share so automated programs can put all the backups there, but I don't want it to be possible for anything or anyone to delete them. I only want to be able to delete from linux (ex: going into ssh and using the rm command).
Is there a way this can be done?
Right now the way I have it is that I have a folder with write permissions that backups go to, then every day a script runs to move the files to a safer location, but I rather not have to move stuff twice like that.
Put these in your smb.conf file under share definitions:
[Backup]
commnent = Backup file that only root can access
path = /usr/local/samba/backup
public = no
valid users = root @root
force create mode = 0770
force directory mode =0770
Are you logon as root? It's root that should only do the backup in this case beacause the "world" permission is "0" - no access, no other user and group that could access this, except root user and its built-in group.
Will you allow others to put their files here ( as you said as backup )? If they have write access to this directory, they can also delete the files they wrote.
Since in the first place you wanted that this will be used only as a central backup directory and you don't want anybody to be able to delete any content except only when you're logged on in Linux box, then root should only be the user that should be permitted or granted full access.
The public = no assures that this is not a public directory for everybody, only the one that owns this. The valid users = root @root assures that only the user root and its built-in (root) group will only have access. And since you're loged-on as root the time you created this this directory, by default this is owned by root and its group.
If you can't still access this as root, try to omit the "public = no" parameter or do this:
# chmod 1775 /usr/local/samba/backup - I suggest you do this first.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
Original Poster
Rep:
So to access it I would just make a user in windows called root and make the backup happen under that user? (using scheduled tasks). But for my samba shares I use share level security and not user based so will it still work?
No need to create a local root user in Windows. I'm not so sure. I thought it should be 777 permission if security is only share. To make sure, your security should be user and create all your windows users in Linux and in smbpasswd but give them different password from their unix passwords.
Then let them take ownership of their respective directories (# chown -R username.users). The user group is a built-in group in unix with GID=100 (see /etc/group).
Finally make your bakcup directory in Linux owned by root.root only (actually the default).
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
Original Poster
Rep:
I was playing around and found an easier solution.
create mode =555
So it creates the files as read only so they can't be deleted. It does not seem to work for folders, but folders are less important then files, and if a folder contains a file it won't let me delete it. So it's exactly what I want.
I've been playing with stuff and have other questions but I'll start a new thread.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.