Elembis
n00b
Joined: 10 Jun 2003
Posts: 9
|
 Posted: Tue Apr 05, 2005 1:58 am Post subject: Writeable yet undeletable Samba share? [Partially solved] |
 |
|
For a fileserver I'm building, I'd like to have a public share so people can easily contribute their data without an administrator (me) needing to be on the scene. However, I'd also like to eliminate the possibility of a malicious guest rapidly deleting the product of hours (perhaps days) of uploading. As far as I know, doing this would mean monitoring traffic to the share and changing each file's permissions as they were added.
It'd be easy to get a script to change the permissions of everything in the guest share every X minutes, but someone could simply refresh the share repeatedly and delete any files before the script got around to protecting them. With this in mind, is it even possible for a script to be fast enough? If it is feasable, how might I go about scripting it? (I.e., how would I monitor the incoming traffic, and how would I pick out specific files?) It'd be nice if there were a way of setting "write" permissions to something like "add nomodify nodelete", but I don't think this is possible.
Thanks.
Update: That was easy. I found and experimented with Samba's "directory mask" and "create mask" options, and they do exactly what I want. I first thought setting each to 444 would work, but a directory with those permissions can't be filled, so I set them to 744 and 444, respectively. Note that if the share itself is writeable, these masks won't ever prevent a user from writing to it, because they only take effect once a file or directory is written.
Perfect.
Update 2: Oops. Written data can be renamed. It can't be deleted, and that's a good thing, but it can still be messed up. Even if I create a file in the public share as root and "chmod 000" it, any guest can rename it. Help? |
|
Networking & Security
