Linux *nix permissions - I want write access but not delete

Discussion in 'Software' started by Tomm, 18 May 2008.

  1. Tomm

    Tomm I also ride trials :¬)

    Joined:
    12 Apr 2004
    Posts:
    2,249
    Likes Received:
    0
    I've got a WD Mybookworld NAS fileserver which runs Linux, and it shares files to the rest of my network. So far everything is working fine - I have a public directory that everyone can see and access (i.e. rwxrwxrwx) and a backup directory that is only accessible by me (rwx------). However, it would be incredibly easy (for me or anyone on the network) to browse to the public share and delete the whole thing. No passwords would be required. Some stuff is backed up but not everything.

    Basically I want everyone to be able to read and write to 'public' but I don't want me or anyone else to be able to delete anything (without entering a password). Possible?

    N.B. I'm a Linux noob so go easy :)
     
    Last edited: 21 May 2008
  2. DougEdey

    DougEdey I pwn all your storage

    Joined:
    5 Jul 2005
    Posts:
    13,933
    Likes Received:
    33
    If you just want to make it readable by everyone except the owner, you just need to use chmod.

    chmod go-w *
     
  3. Fophillips

    Fophillips What's a Dremel?

    Joined:
    9 Oct 2006
    Posts:
    948
    Likes Received:
    1
    What you are looking for is the sticky bit. You need to do:
    Code:
    chmod +t file
     
  4. Tomm

    OK, thanks. That will presumably stop anyone other than me from deleting things. Say if I copy something to the drive with a 'guest' account, does that mean that anyone else with a guest account can also delete it? Or is there some way that Linux identifies one guest over another?

    But is there any way to prevent my own cack-handedness? I know it sounds stupid, but I could easily just press 'delete' on 'public' and wipe the 500Gb of stuff on it... And I really don't want to re-download that content AND spend another few days copying it over the network to the NAS.

    Perhaps the answer is just giving everyone read-only permissions and requiring a login to add stuff to the directory. That would be safe but slightly inconvenient.

    I am waiting for someone to pop up and say "of course, you just add this syntax". Any takers? :D
     
  5. Woodstock

    Woodstock So Say We All

    Joined:
    10 Sep 2006
    Posts:
    1,783
    Likes Received:
    2
    I too have been wanting to set something up like this, since my clueless flatmates also use my server (one can't learn the difference between cut and copy, hence wanting no delete).
     
  6. Fophillips

    Well, it actually goes by the UID of the user not the name. You can check /etc/passwd for the UID (it’s the first number, e.g., "user:x:1000:1001::/home/user" the UID is 1000), or type
    Code:
    echo $UID
    in a terminal.

    If you want to prevent your own mistyping you can set it to -w (chmod -w file), and as long as you are the owner you can still delete it, but you will get a warning along the lines of "Delete write protected file".
     
  7. Tomm

    OK, thanks. I'm not quite sure what the '-w' syntax actually does? Gives a write warning? I don't know that that will help - I do get a warning on OS X/Windows when I try and delete something. But it's very easy to just press yes without thinking.

    I think the best idea might be to have an account specifically for copying to the device, and then a read-only guest account for everyday access. Hmm

    Any more bright ideas?
     
  8. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,129
    Likes Received:
    6,717
    Removes write access. chmod accepts w, r and x as options with + or -. chmod +x file will add execute permission for the current user, chmod -w file will remove write access for the current user, chmod g-w file will remove write access for the group, and so forth. If in doubt, type man chmod.
     
  9. Fophillips

    Perhaps try reading the documentation?

    Code:
    info chmod
     
  10. Tomm

    I googled the man page earlier for chmod but it didn't mention -w. Either way it seems that it doesn't do exactly what I want it to, so I've denied write access to the guest account. A little bit annoying but much safer, and there doesn't seem to be a better way of doing it.
     
    Last edited: 22 May 2008
  11. Fophillips

    I’ve already told you how to do it. Make the directory sticky.
     
  12. Tomm

    Yeah, sorry, I didn't make it too clear in the original post.

    I'm just as worried about deleting 'public' myself as anyone else! So I don't think the sticky bit will work since I will be the owner of all of the files so there won't be anything stopping me deleting them?

    EDIT: There doesn't seem to be a man or an info page for chmod. Possibly because it's only a very minuscule distro on the NAS?
     
  13. badders

    badders Neuken in de Keuken

    Joined:
    4 Dec 2007
    Posts:
    2,642
    Likes Received:
    74
    Tomm, why don't you create a new user on the box, purely for deleting things?
    That way you'll have to log out and log in as a different user to delete things, and won't be the owner yourself, so can't accidentally delete stuff.

    If you make it glaringly obvious that you're in the deletion account, you should remember to log out and log back in as you once you've done the deleting.
     
  14. Tomm

    Because to be able to delete things, you need a user with write access. As far as I can tell there's no way to separate deleting and writing permissions? They're the same thing, unfortunately.

    Logging in from OSX is dead easy - it automatically logs in as guest, but there's a button to "connect as". But in Windows (XP, MCE) I can't find the dialogue to connect to a remote share with a username/pass. The only way I've found to do it is to 'map network drive' - but that's hardly ideal since I'm permanently logged in as either guest (can't write) or I can choose to map the drive with the full account - but then I always have write/delete permissions which I don't want. There must be another way, but damned if I can find it :wallbash:
     
  15. badders

    Putty + SSH for write access?

    CLI cheesecake!
     
  16. Tomm

    I'm not sure what you mean? I have to log in to the NAS using putty + SSH to change anything, or there is a (slow!) web-based console which allows basic stuff (including setting permissions). But I'm not very confident with CL stuff, and the only login is root so I'm scared of destroying it completely!
     
  17. Fophillips

    You could just learn to be careful, and backup frequently.
     
  18. Tomm

    Unfortunately I don't have a backup for all this stuff, I just don't have the storage capacity.

    And yes, I could be more careful, but then having a failsafe is hardly a bad idea, is it? :rolleyes:
     
  19. woodshop

    woodshop UnSeenly

    Joined:
    14 Oct 2003
    Posts:
    1,408
    Likes Received:
    8
    I guess it depends on how Samba deletes its files etc., but this might work:
    in your /etc/profile set an alias
    alias rm=''

    that should remove rm from all login shells (well, the easy way of using rm)
    then in root's (or the user that should be able to delete) ~/.bashrc file set an alias again

    alias rm=/bin/rm

    if Samba makes system calls to rm that should prevent it from being deleted...


    another option is.. create a cron job that runs a script every say 5 or 10 min.. have it go through the share directory recursively and remove the write permissions from every non-directory file (chmod a-w), then chown root the file.. essentially you'll force yourself to ssh in and su/sudo to delete anything..
     
  20. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    Isn't the easy thing to do just disable write access to the files, unless really needed? You can just chmod the directory you want to write or delete at the moment you need to, and chmod them -w when you don't want to do that?

    Or just learn to be careful...
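
woodshop's cron-job idea (post 19), combined with the sticky directory Fophillips recommends (post 11), as an added shell example that is not part of the original thread. The function names and the constructed sample tree are assumptions; re-owning directories to root goes beyond what the post describes.

```shell
#!/bin/sh
# Added example (hypothetical function names); intended for root's crontab.
# Deleting a file is a write to its *directory*. In a sticky (+t) directory an
# entry may only be removed by the file's owner, the directory's owner, or root,
# so after this pass a guest can still add files but cannot remove locked ones.

lock_share() {
    share=$1
    [ -d "$share" ] || { echo "lock_share: not a directory: $share" >&2; return 2; }
    # Sticky bit on every directory; other directory mode bits are left alone.
    find "$share" -xdev -type d -exec chmod +t {} + || return 1
    # Drop every write bit on regular files.
    find "$share" -xdev -type f -exec chmod a-w {} + || return 1
    # Only root can give files away. Directories are re-owned as well (an
    # addition to the post), because a directory's owner can always delete in it.
    if [ "$(id -u)" -eq 0 ]; then
        find "$share" -xdev \( -type f -o -type d \) ! -user root \
            -exec chown root {} + || return 1
    fi
}

# Number of regular files under DIR that still carry any write bit.
count_writable_files() {
    find "$1" -xdev -type f \( -perm -200 -o -perm -020 -o -perm -002 \) \
        -exec printf x \; | wc -c | tr -d ' '
}

# Number of directories under DIR (DIR included) without the sticky bit.
count_nonsticky_dirs() {
    find "$1" -xdev -type d ! -perm -1000 -exec printf x \; | wc -c | tr -d ' '
}

# Constructed sample tree standing in for the 'public' share.
demo_lock_share() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public/films" && chmod 777 "$d/public" "$d/public/films"
    echo a > "$d/public/notes.txt"; echo b > "$d/public/films/clip.avi"
    chmod 666 "$d/public/notes.txt" "$d/public/films/clip.avi"
    lock_share "$d/public" || { rm -rf "$d"; return 1; }
    echo "writable files:  $(count_writable_files "$d/public")"
    echo "non-sticky dirs: $(count_nonsticky_dirs "$d/public")"
    rm -rf "$d"
}
demo_lock_share
```

Files uploaded between two passes stay deletable by their uploader until the next run, and the chown step is skipped unless the script runs as root.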
     