Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: namespace on July 10, 2011, 05:57:06 AM
-
Hi
Long time user, first time poster.
I am hoping someone can assist with this query to do with setting permissions on folders and files within an ibay. I am a bit of a novice in the CLI and at using CHMOD, which is what I assume is needed to achieve this.
Scenario is: I have a Customer that wants to restrict deleting of Folders & Files, they otherwise would like the users to be unrestricted in Creating/Modifying Files & Folders. Root would be the only unrestricted user. Can this be done?
I have been looking at http://catcode.com/teachmod/chmod_2.html and understand the layout, I guess I just don't get the syntax to be used.
I have had a look at the contrib 'Shared Folders' but that only seems to allow groups to either read/write or read only.
Below are the current permissions of a Folder in one ibay:
[root@*****-svr02 aProjects]# ls -l
total 176
drwxrwsr-x 2 admin shared 4096 Feb 12 18:38 Installation Quotes 2009
drwxrwsr-x 2 admin shared 4096 May 19 15:01 Installation Quotes 2010
drwxrwsr-x 2 admin shared 4096 Jul 8 08:27 Installation Quotes 2011
drwxrwsr-x 11 justin shared 4096 Jul 1 15:59 Kit Homes
drwxrwsr-x 2 admin shared 4096 Jun 30 14:06 Lost Jobs
drwxrwsrwx+ 1334 admin shared 28672 Mar 28 10:53 Projects 2009
drwxrwsrwx+ 1608 admin shared 36864 Jun 30 10:32 Projects 2010
drwxrwsrwx+ 975 admin shared 20480 Jul 8 13:58 Projects 2011
drwxrwsr-x 2 admin shared 20480 Jul 6 16:40 QuoteProcessed
drwxrwsr-x 2 admin shared 36864 Jul 8 16:31 QuoteSource
drwxrwsr-x 2 admin shared 4096 Apr 28 12:47 RESTORED
TIA
Adam
-
I am hoping someone can assist with this query to do with setting permissions on folders and files within an ibay.
SME server has no support for doing that.
-
I did some searching around and found the linux "undeletable" attribute -- but it seems that it doesn't work: http://www.mail-archive.com/rhelv5-list@redhat.com/msg07118.html
I did some more digging into ACLs, but I couldn't find any way to prevent deletion using those, either. There are some notes around ACLs and the SharedFolders (http://wiki.contribs.org/SharedFolders) contrib that say you can set samba ACLs from a windows workstation - maybe this can be configured to do what you want.
I did find this note, which may or may not help or work: http://aplawrence.com/Unixart/file-removal.html
Alternatively, setup an Affa (http://wiki.contribs.org/Affa) server that backs up your ibays every 10 minutes, and saves a couple days worth of backups...
-
I did some more digging into ACLs, but I couldn't find any way to prevent deletion using those, either. There are some notes around ACLs and the SharedFolders (http://wiki.contribs.org/SharedFolders) contrib that say you can set samba ACLs from a windows workstation - maybe this can be configured to do what you want.
Thanks for that info
They are currently authenticating to the network/domain through an SBS2003 Server and I have tried setting the attributes for the group Domain Users on SME Server to 'deny' for 'delete subfolders and files' and 'delete' in the advanced security settings. It does appear to go through the motions and resets them, but going back to the SME server and confirming attributes, nothing changes.
I'll do some testing with that link you supplied at aplawrence.com
An Affa server may be an option, they run two SME Servers, one handles firewall/gateway/vpn, the main one is server only for data and remote access for interstate reps who connect to VMWare Server 2.0 running a few XP VM's. Affa could be setup on the firewall server, with a hard drive upgrade, as they have 500GB of data...
Will also read up more on the SharedFolders contrib
-
I think you need to manually enable ACLs (as described in the SharedFolders contrib instructions) before they will work on the SME. You may not need the contrib at all, but you will at least need to make the modification to fstab described under http://wiki.contribs.org/SharedFolders#Installation
-
Does your customer really know what they want?
If a user can modify a file, they can delete its contents - which has much the same effect as deleting the file.
To quote from http://www.tuxfiles.org/linuxhelp/filepermissions.html
There are three types of access permissions on Linux: read, write, and execute. These permissions are defined separately for the file's owner, group and all other users.
Read permission. On a regular file, the read permission bit means the file can be opened and read. On a directory, the read permission means you can list the contents of the directory.
Write permission. On a regular file, this means you can modify the file, aka write new data to the file. In the case of a directory, the write permission means you can add, remove, and rename files in the directory. This means that if a file has the write permission bit, you are allowed to modify the file's contents, but you're allowed to rename or delete the file only if the [/b][/b]permissions of the file's directory allow you to do so.
Execute permission. In the case of a regular file, this means you can execute the file as a program or a shell script. On a directory, the execute permission (also called the "search bit") allows you to access files in the directory and enter it, with the cd command, for example. However, note that although the execute bit lets you enter the directory, you're not allowed to list its contents, unless you also have the read permissions to that directory.
Perhaps you should get back to your customer and ask for a clarification of what is really the problem and then you may be able to come up with a solution.
Cheers
Ian
-
The feature is called => ShadowCopy
-
namespace
For workarounds/alternatives look at
http://wiki.contribs.org/RecycleBin
and
http://wiki.contribs.org/ShadowCopy