Problem in Samab Configuration

[shakirz1]

Dear Friends,

I have Red Hat Linux 7.3 and Samba 2.2.3a-6, I have also configure samba for share level access.

Now I am facing one problem, I have create a user named shakir and give read/write permission to everyone from windows network but I want to restrict to delete any file form this folder.

Any idea ?

Thanks



smb.conf
------------------------------------
[global]
workgroup = NDBS
encrypt passwords = yes
server string = samba server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = SHARE
dns proxy = no
[shakir]
path = /home/shakir
writeable = yes
guest ok = yes

[zaeemarshad]

giving write access means that they can delete files too. anyway there is a workaround. to any file that u want to deny delete permission do this

chattr +a filename

this will allow u to append to file but not overwrite existing content or delete the file. otherwise u have to disable write access to that user.

Regards
Zaeem

[LinuxFreaK]

Dear Shakirz1,
Salam,

Dear Friends,

I have Red Hat Linux 7.3 and Samba 2.2.3a-6, I have also configure samba for share level access.

Now I am facing one problem, I have create a user named shakir and give read/write permission to everyone from windows network but I want to restrict to delete any file form this folder.

Any idea ?

Thanks



smb.conf
------------------------------------
[global]
workgroup = NDBS
encrypt passwords = yes
server string = samba server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = SHARE
dns proxy = no
[shakir]
path = /home/shakir
writeable = yes
guest ok = yes

Sir, I thought about it for a few moments and the best I can think is to disallow write priveleges. But if you want them to be able to modify files then delete is nothing more than removing the filename of an empty file. You'll have to spend some time thinking about what you really want. Any time you allow write (or modify) access then you're going to allow delete access in all but name. I would disallow write access and, if they need to make modifications, tell them to save with a different filename. Or you could resign yourself to trusting your users not to do anything like erase the contents of a file. What purpose can it serve to block delete if they need write? I was addressing your request to allow read/write but disallow delete from samba sharing across a multiplatform network. I'm failing to see the point of disallowing delete if write is allowed. You indicated that you want to allow them to write but don't want them to be able to delete. Is there a difference, aside from the filename in the drive table? If not then you'll have to choose: To write or not to write. That is the question.

Best Regards.

[zaeemarshad]

Sir, I thought about it for a few moments and the best I can think is to disallow write priveleges. But if you want them to be able to modify files then delete is nothing more than removing the filename of an empty file. You'll have to spend some time thinking about what you really want. Any time you allow write (or modify) access then you're going to allow delete access in all but name. I would disallow write access and, if they need to make modifications, tell them to save with a different filename. Or you could resign yourself to trusting your users not to do anything like erase the contents of a file. What purpose can it serve to block delete if they need write? I was addressing your request to allow read/write but disallow delete from samba sharing across a multiplatform network. I'm failing to see the point of disallowing delete if write is allowed. You indicated that you want to allow them to write but don't want them to be able to delete. Is there a difference, aside from the filename in the drive table? If not then you'll have to choose: To write or not to write. That is the question.

sir ji if u set the undeletable attribute on a file, that file can then only be deleted by the root. u can edit, update that file but u cant delete that file. take a look at the manpage of chattr and lsattr. sahkirz1 simply set the undeletable bit on the file/folder u like. ur users wont be able to delete the file.

Regards
Zaeem Arshad

[LinuxFreaK]

Dear Zaeem Arshad,
Salam,

sir ji if u set the undeletable attribute on a file, that file can then only be deleted by the root. u can edit, update that file but u cant delete that file. take a look at the manpage of chattr and lsattr. sahkirz1 simply set the undeletable bit on the file/folder u like. ur users wont be able to delete the file.

Regards
Zaeem Arshad

"When a file with the `u' attribute set is deleted, its contents are saved. This allows the user to ask for its undeletion."

Best Regards.

[shakirz1]

thanks to all guyes to slove this problem. the command chattr +a filename has solved my problem