Re: Restricting delete on a share?
On Mon, 2003-03-10 at 18:50, Stefan (metze) Metzmacher wrote: At 18:37 10.03.2003 +1100, Andrew Bartlett wrote: On Mon, 2003-03-10 at 18:02, Stefan (metze) Metzmacher wrote: At 00:04 10.03.2003 -0600, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. Andrew, read two lines above... :-) I know :-). It's amazing how much effort goes into keeping management happy rather than securing systems... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Restricting delete on a share?
Jeremy, the best way you can accomplish this is to build a custom VFS module. It is really easy to build such module and you only need to intercept and discard any unlink operation. regards, Simo. On Mon, 2003-03-10 at 07:04, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. But I've come to the conclusion this isn't possible with standard UNIX file permissions, and unfortunately Red Hat does not yet support ACLs on any file systems. In Samba's documentation I don't see any indication that a delete=no type option exists for shares, which surprised me. Am I missing something? If not, is there perhaps a compile-time directive to disallow file deletion? Otherwise, could someone perhaps point me to what I'd want to change in the source to accomplish this? Thanks. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Restricting delete on a share?
Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. But I've come to the conclusion this isn't possible with standard UNIX file permissions, and unfortunately Red Hat does not yet support ACLs on any file systems. In Samba's documentation I don't see any indication that a delete=no type option exists for shares, which surprised me. Am I missing something? If not, is there perhaps a compile-time directive to disallow file deletion? Otherwise, could someone perhaps point me to what I'd want to change in the source to accomplish this? Thanks. -- Jeremy M. Dolan mailto:[EMAIL PROTECTED] http://jmd.us/ PGP: 1024D/3C68A1BA 9470 210C A476 FFBB 6D11 0223 0D1C ABFC 3C68 A1BA
Re: Restricting delete on a share?
At 00:04 10.03.2003 -0600, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. But I've come to the conclusion this isn't possible with standard UNIX file permissions, and unfortunately Red Hat does not yet support ACLs on any file systems. In Samba's documentation I don't see any indication that a delete=no type option exists for shares, which surprised me. Am I missing something? If not, is there perhaps a compile-time directive to disallow file deletion? Otherwise, could someone perhaps point me to what I'd want to change in the source to accomplish this? you can write a vfs module that overloads the unlink function and returns access denied when the unlink function is called. metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: Restricting delete on a share?
On Mon, 2003-03-10 at 18:02, Stefan (metze) Metzmacher wrote: At 00:04 10.03.2003 -0600, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. But I've come to the conclusion this isn't possible with standard UNIX file permissions, and unfortunately Red Hat does not yet support ACLs on any file systems. In Samba's documentation I don't see any indication that a delete=no type option exists for shares, which surprised me. Am I missing something? If not, is there perhaps a compile-time directive to disallow file deletion? Otherwise, could someone perhaps point me to what I'd want to change in the source to accomplish this? you can write a vfs module that overloads the unlink function and returns access denied when the unlink function is called. Just remember that doing this doesn't actually gain you anything - the users can still write garbage into the file, or make them zero length. So the option you are looking for is 'read only = yes' ;-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Restricting delete on a share?
At 18:37 10.03.2003 +1100, Andrew Bartlett wrote: On Mon, 2003-03-10 at 18:02, Stefan (metze) Metzmacher wrote: At 00:04 10.03.2003 -0600, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. Andrew, read two lines above... :-) you can write a vfs module that overloads the unlink function and returns access denied when the unlink function is called. Just remember that doing this doesn't actually gain you anything - the users can still write garbage into the file, or make them zero length. So the option you are looking for is 'read only = yes' ;-) metze - Stefan metze Metzmacher [EMAIL PROTECTED]