Renato Petrich - Linux escreveu:
Boa Tarde,
Caros linuxers, li o material do Zago, mas nada me esclareceu a seguinte
questao: tenho um servidor samba num cl10, sistema de arquivos Reiserfs,
este servidor e fruto de migracao de um servidor Novell, tudo funciona
perfeitamente, mas gostaria que meus usuarios pudessem ler e gravar arquivos
existentes, mas nao pudessem apaga-los. 'E possivel? Como? Seria o uso de
acl's a solucao? Se puderem me dar uma dica, ou localizacao de documentacao
pertinente, agradeco.
A resposta est� aqui:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html
Protecting Directories and Files from Deletion
People have asked on the Samba mailing list how is it possible to
protect files or directories from deletion by users. For example,
Windows NT/2K/XP provides the capacity to set access controls on a
directory into which people can write files but not delete them. It is
possible to set an ACL on a Windows file that permits the file to be
written to but not deleted. Such concepts are foreign to the UNIX
operating system file space. Within the UNIX file system anyone who has
the ability to create a file can write to it, and has the capability to
delete it.
...
The specific semantics of the extended attributes are not consistent
across UNIX and UNIX-like systems such as Linux. For example, it is
possible on some implementations of the extended attributes to set a
flag that prevents the directory or file from being deleted. The
extended attribute that may achieve this is called the |immutible| bit.
Unfortunately, the implementation of the immutible flag is NOT
consistent with published documentation. For example, the man page for
the *chattr* on SUSE Linux 9.2 says:
A file with the i attribute cannot be modified: it cannot be deleted
or renamed, no link can be created to this file and no data can be
written to the file. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
A simple test can be done to check if the immutible flag is supported on
files in the file system of the Samba host server.
1.
Create a file called |filename|
2.
Login as the |root| user, then set the immutibile flag on a test
file as follows:
|root# | chatter +i 'filename'
3.
Login as the user who owns the file (not root) attempt to remove
the file as follows:
mystic:/home/hannibal > rm filename
It will not be possible to delete the file if the immutible flag
is correctly honored.
On those systems and file system types that support the immutible bit it
is possible to create directories that can not be deleted. Check the man
page on your particular host system to determine whether or not
immutable directories are writable. If they are not, then the entire
directory and its contents will effectively by protected from writing
(file creation also) and deletion.
---------------------------------------------------------------------------
Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br
Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
Regras de utiliza��o da lista: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
