Dear Friends,
I have Red Hat Linux 7.3 and Samba 2.2.3a-6, I have also configure samba for share level access.
Now I am facing one problem, I have create a user named shakir and give read/write permission to everyone from windows network but I want to restrict to delete any file form this folder.
Any idea ?
Thanks
smb.conf
------------------------------------
[global]
workgroup = NDBS
encrypt passwords = yes
server string = samba server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = SHARE
dns proxy = no
[shakir]
path = /home/shakir
writeable = yes
guest ok = yes
Problem in Samab Configuration
-
- Lieutenant Colonel
- Posts: 660
- Joined: Sat Jul 06, 2002 12:35 pm
- Location: Islamabad
- Contact:
giving write access means that they can delete files too. anyway there is a workaround. to any file that u want to deny delete permission do this
chattr +a filename
this will allow u to append to file but not overwrite existing content or delete the file. otherwise u have to disable write access to that user.
Regards
Zaeem
chattr +a filename
this will allow u to append to file but not overwrite existing content or delete the file. otherwise u have to disable write access to that user.
Regards
Zaeem
Last edited by zaeemarshad on Sun Nov 16, 2003 1:47 am, edited 1 time in total.
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re: Problem in Samab Configuration
Dear Shakirz1,
Salam,
Best Regards.
Salam,
Sir, I thought about it for a few moments and the best I can think is to disallow write priveleges. But if you want them to be able to modify files then delete is nothing more than removing the filename of an empty file. You'll have to spend some time thinking about what you really want. Any time you allow write (or modify) access then you're going to allow delete access in all but name. I would disallow write access and, if they need to make modifications, tell them to save with a different filename. Or you could resign yourself to trusting your users not to do anything like erase the contents of a file. What purpose can it serve to block delete if they need write? I was addressing your request to allow read/write but disallow delete from samba sharing across a multiplatform network. I'm failing to see the point of disallowing delete if write is allowed. You indicated that you want to allow them to write but don't want them to be able to delete. Is there a difference, aside from the filename in the drive table? If not then you'll have to choose: To write or not to write. That is the question.shakirz1 wrote:Dear Friends,
I have Red Hat Linux 7.3 and Samba 2.2.3a-6, I have also configure samba for share level access.
Now I am facing one problem, I have create a user named shakir and give read/write permission to everyone from windows network but I want to restrict to delete any file form this folder.
Any idea ?
Thanks
smb.conf
------------------------------------
[global]
workgroup = NDBS
encrypt passwords = yes
server string = samba server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = SHARE
dns proxy = no
[shakir]
path = /home/shakir
writeable = yes
guest ok = yes
Best Regards.
Farrukh Ahmed
-
- Lieutenant Colonel
- Posts: 660
- Joined: Sat Jul 06, 2002 12:35 pm
- Location: Islamabad
- Contact:
Re: Problem in Samab Configuration
LinuxFreaK wrote: Sir, I thought about it for a few moments and the best I can think is to disallow write priveleges. But if you want them to be able to modify files then delete is nothing more than removing the filename of an empty file. You'll have to spend some time thinking about what you really want. Any time you allow write (or modify) access then you're going to allow delete access in all but name. I would disallow write access and, if they need to make modifications, tell them to save with a different filename. Or you could resign yourself to trusting your users not to do anything like erase the contents of a file. What purpose can it serve to block delete if they need write? I was addressing your request to allow read/write but disallow delete from samba sharing across a multiplatform network. I'm failing to see the point of disallowing delete if write is allowed. You indicated that you want to allow them to write but don't want them to be able to delete. Is there a difference, aside from the filename in the drive table? If not then you'll have to choose: To write or not to write. That is the question.
sir ji if u set the undeletable attribute on a file, that file can then only be deleted by the root. u can edit, update that file but u cant delete that file. take a look at the manpage of chattr and lsattr. sahkirz1 simply set the undeletable bit on the file/folder u like. ur users wont be able to delete the file.
Regards
Zaeem Arshad
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re: Problem in Samab Configuration
Dear Zaeem Arshad,
Salam,
Best Regards.
Salam,
"When a file with the `u' attribute set is deleted, its contents are saved. This allows the user to ask for its undeletion."zaeemarshad wrote: sir ji if u set the undeletable attribute on a file, that file can then only be deleted by the root. u can edit, update that file but u cant delete that file. take a look at the manpage of chattr and lsattr. sahkirz1 simply set the undeletable bit on the file/folder u like. ur users wont be able to delete the file.
Regards
Zaeem Arshad
Best Regards.
Farrukh Ahmed
-
- Battalion Quarter Master Havaldaar
- Posts: 207
- Joined: Sat Aug 09, 2003 5:00 pm
- Location: Karachi
- Contact:
thanks to solve my problem
thanks to all guyes to slove this problem. the command chattr +a filename has solved my problem