Problem in Samab Configuration

Taking care of your Linux box.

Problem in Samab Configuration

Postby shakirz1 » Sat Nov 15, 2003 1:27 pm

Dear Friends,

I have Red Hat Linux 7.3 and Samba 2.2.3a-6, I have also configure samba for share level access.

Now I am facing one problem, I have create a user named shakir and give read/write permission to everyone from windows network but I want to restrict to delete any file form this folder.

Any idea ?

Thanks



smb.conf
------------------------------------
[global]
workgroup = NDBS
encrypt passwords = yes
server string = samba server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = SHARE
dns proxy = no
[shakir]
path = /home/shakir
writeable = yes
guest ok = yes
shakirz1
Battalion Quarter Master Havaldaar
 
Posts: 207
Joined: Sat Aug 09, 2003 5:00 pm
Website: http://www.fattanis.cjb.net
WLM: shakirz1@hotmail.com
Yahoo Messenger: shakirz1@yahoo.com
Location: Karachi

Postby zaeemarshad » Sat Nov 15, 2003 11:49 pm

giving write access means that they can delete files too. anyway there is a workaround. to any file that u want to deny delete permission do this

chattr +a filename

this will allow u to append to file but not overwrite existing content or delete the file. otherwise u have to disable write access to that user.

Regards
Zaeem
Last edited by zaeemarshad on Sun Nov 16, 2003 1:47 am, edited 1 time in total.
zaeemarshad
Lieutenant Colonel
 
Posts: 660
Joined: Sat Jul 06, 2002 12:35 pm
Website: http://zaeem.no-ip.org
WLM: zarshadvirk@hotmail.com
Yahoo Messenger: negativecreep61@yahoo.com
AOL: zarshadvirk
Location: Islamabad

Re: Problem in Samab Configuration

Postby LinuxFreaK » Sat Nov 15, 2003 11:58 pm

Dear Shakirz1,
Salam,

shakirz1 wrote:Dear Friends,

I have Red Hat Linux 7.3 and Samba 2.2.3a-6, I have also configure samba for share level access.

Now I am facing one problem, I have create a user named shakir and give read/write permission to everyone from windows network but I want to restrict to delete any file form this folder.

Any idea ?

Thanks



smb.conf
------------------------------------
[global]
workgroup = NDBS
encrypt passwords = yes
server string = samba server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = SHARE
dns proxy = no
[shakir]
path = /home/shakir
writeable = yes
guest ok = yes


Sir, I thought about it for a few moments and the best I can think is to disallow write priveleges. But if you want them to be able to modify files then delete is nothing more than removing the filename of an empty file. You'll have to spend some time thinking about what you really want. Any time you allow write (or modify) access then you're going to allow delete access in all but name. I would disallow write access and, if they need to make modifications, tell them to save with a different filename. Or you could resign yourself to trusting your users not to do anything like erase the contents of a file. What purpose can it serve to block delete if they need write? I was addressing your request to allow read/write but disallow delete from samba sharing across a multiplatform network. I'm failing to see the point of disallowing delete if write is allowed. You indicated that you want to allow them to write but don't want them to be able to delete. Is there a difference, aside from the filename in the drive table? If not then you'll have to choose: To write or not to write. That is the question.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Re: Problem in Samab Configuration

Postby zaeemarshad » Sun Nov 16, 2003 1:34 am

LinuxFreaK wrote:Sir, I thought about it for a few moments and the best I can think is to disallow write priveleges. But if you want them to be able to modify files then delete is nothing more than removing the filename of an empty file. You'll have to spend some time thinking about what you really want. Any time you allow write (or modify) access then you're going to allow delete access in all but name. I would disallow write access and, if they need to make modifications, tell them to save with a different filename. Or you could resign yourself to trusting your users not to do anything like erase the contents of a file. What purpose can it serve to block delete if they need write? I was addressing your request to allow read/write but disallow delete from samba sharing across a multiplatform network. I'm failing to see the point of disallowing delete if write is allowed. You indicated that you want to allow them to write but don't want them to be able to delete. Is there a difference, aside from the filename in the drive table? If not then you'll have to choose: To write or not to write. That is the question.



sir ji if u set the undeletable attribute on a file, that file can then only be deleted by the root. u can edit, update that file but u cant delete that file. take a look at the manpage of chattr and lsattr. sahkirz1 simply set the undeletable bit on the file/folder u like. ur users wont be able to delete the file.

Regards
Zaeem Arshad
zaeemarshad
Lieutenant Colonel
 
Posts: 660
Joined: Sat Jul 06, 2002 12:35 pm
Website: http://zaeem.no-ip.org
WLM: zarshadvirk@hotmail.com
Yahoo Messenger: negativecreep61@yahoo.com
AOL: zarshadvirk
Location: Islamabad

Re: Problem in Samab Configuration

Postby LinuxFreaK » Sun Nov 16, 2003 1:46 am

Dear Zaeem Arshad,
Salam,

zaeemarshad wrote:sir ji if u set the undeletable attribute on a file, that file can then only be deleted by the root. u can edit, update that file but u cant delete that file. take a look at the manpage of chattr and lsattr. sahkirz1 simply set the undeletable bit on the file/folder u like. ur users wont be able to delete the file.

Regards
Zaeem Arshad


"When a file with the `u' attribute set is deleted, its contents are saved. This allows the user to ask for its undeletion."

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

thanks to solve my problem

Postby shakirz1 » Mon Nov 17, 2003 12:03 pm

thanks to all guyes to slove this problem. the command chattr +a filename has solved my problem
shakirz1
Battalion Quarter Master Havaldaar
 
Posts: 207
Joined: Sat Aug 09, 2003 5:00 pm
Website: http://www.fattanis.cjb.net
WLM: shakirz1@hotmail.com
Yahoo Messenger: shakirz1@yahoo.com
Location: Karachi


Return to “%s” Administration

Who is online

Users browsing this forum: No registered users and 1 guest

cron