Read-only and shares

rparker at VPR.net
Mon Oct 16 16:01:28 GMT 2000


Maybe this has been covered but have you considered setting the
sticky bit on the directory (from the UNIX side)
so that only the creator of the files can delete them? This may
be a bit of a kludge but I did this on my 'shared' directory so
that people cleaning out their section of shared couldn't
accidentally delete other people's files in that directory.
It doesn't stop modification of the file, but maybe it helps
enough in accomplishing what you need?

If anyone has any insights into why this might not be a good
idea, please chime in! I do note a possible problem in the
excerpt from 'man sticky' below - 

from my bsdi unix man page chmod (2):

     If mode ISVTX (the `sticky bit') is set on a directory, an
     unprivileged user may not delete or rename files of other users in that
     directory. The sticky bit may be set by any user on a directory which the
     user owns or has appropriate permissions.  For more details of the
     properties of the sticky bit, see sticky(8).

But a caveat is noted in man sticky regarding swap space and
this might be an issue?

STICKY DIRECTORIES
     A directory whose `sticky bit' is set becomes an append-only
     directory, or, more accurately, a directory in which the deletion of
     files is restricted.  A file in a sticky directory may only be
     removed or renamed by a user if the user has write permission for the
     directory and the user is the owner of the file, the owner of the
     directory, or the super-user.

     This feature is usefully applied to directories such as /tmp which
     must be publicly writable but should deny users the license to
     arbitrarily delete or rename each others' files.

     Any user may create a sticky directory.  See chmod(1) for details
     about modifying file modes.

BUGS
     Since the text areas of sticky text executables are stashed in the
     swap area, abuse of the feature can cause a system to run out of
     swap.

Bill writes:
    
>    There are files that should be readable by the general user population.  By
>    placing them in Public, there is the chance that they might accidentally get
>    deleted or changed, and the read-only attribute is a (weak) attempt to
>    prevent that.  It does not prevent willful modification, but simply acts as
>    a warning that the file should not be changed.
>    
>    Thanks very much for your help.
>    
>    -Bill
----------

Web page:   http://www.vpr.net
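The rule the sticky(8) excerpt above describes, worked through in code. This is an added example and not part of the post or of Samba; the uids, gid and file modes (a 'shared' directory owned by uid 1000, mode 1777, with files dropped in by two other users) are constructed for illustration, and the unlink/rename policy is modelled in Python rather than read from the kernel. The one real filesystem operation is the chmod 1777 step from the post, done on a temporary directory and read back with stat.

```python
"""Model of the sticky-directory unlink/rename rule from sticky(8),
plus a real check that the bit can be set on a directory.
Added example; the uids, gids and file layout below are constructed."""
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    """Owner, group and mode bits of a directory entry (constructed, not read from disk)."""
    uid: int
    gid: int
    mode: int  # permission bits, including stat.S_ISVTX for a sticky directory


def has_perm(node, uid, groups, ubit, gbit, obit):
    """Classic UNIX class check: owner bits, else group bits, else other bits; root always passes."""
    if uid == 0:
        return True
    if uid == node.uid:
        return bool(node.mode & ubit)
    if node.gid in groups:
        return bool(node.mode & gbit)
    return bool(node.mode & obit)


def can_write(node, uid, groups):
    return has_perm(node, uid, groups, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)


def can_search(node, uid, groups):
    return has_perm(node, uid, groups, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)


def may_unlink(directory, entry, uid, groups):
    """Can `uid` remove or rename `entry` inside `directory`?

    Without the sticky bit, write+search permission on the directory is enough.
    With it (sticky(8)), the caller must additionally own the entry, own the
    directory, or be the superuser.  The entry's own mode plays no part, which
    is why the bit restricts deletion but not modification.
    """
    if not (can_write(directory, uid, groups) and can_search(directory, uid, groups)):
        return False
    if not directory.mode & stat.S_ISVTX:
        return True
    return uid == 0 or uid == entry.uid or uid == directory.uid


# Constructed scenario: a 'shared' directory owned by uid 1000, mode 1777,
# with files dropped in by two other users (0666, i.e. world-writable).
DIR_OWNER, ALICE, BOB, ROOT = 1000, 1001, 1002, 0
USERS_GID = 100
SHARED = Node(uid=DIR_OWNER, gid=USERS_GID, mode=0o1777)
SHARED_NO_STICKY = Node(uid=DIR_OWNER, gid=USERS_GID, mode=0o777)
SHARED_STICKY_NOT_WRITABLE = Node(uid=DIR_OWNER, gid=USERS_GID, mode=0o1755)
ALICE_FILE = Node(uid=ALICE, gid=USERS_GID, mode=0o666)
BOB_FILE = Node(uid=BOB, gid=USERS_GID, mode=0o666)


def make_sticky_dir(path, mode=0o1777):
    """The UNIX-side step from the post: chmod 1777 (equivalently `chmod +t`) on the directory."""
    os.makedirs(path, exist_ok=True)
    os.chmod(path, mode)
    return path


def is_sticky(path):
    return bool(os.stat(path).st_mode & stat.S_ISVTX)


def sticky_tmpdir_check():
    """Create a real directory, set the sticky bit as an unprivileged user, and read it back."""
    with tempfile.TemporaryDirectory() as base:
        shared = make_sticky_dir(os.path.join(base, "shared"))
        return is_sticky(shared)


if __name__ == "__main__":
    print("sticky bit set on a real dir:          ", sticky_tmpdir_check())
    print("alice removes her own file:            ", may_unlink(SHARED, ALICE_FILE, ALICE, {USERS_GID}))
    print("alice removes bob's file:              ", may_unlink(SHARED, BOB_FILE, ALICE, {USERS_GID}))
    print("dir owner removes bob's file:          ", may_unlink(SHARED, BOB_FILE, DIR_OWNER, {USERS_GID}))
    print("alice can still edit bob's file (0666):", can_write(BOB_FILE, ALICE, {USERS_GID}))
```

The last line of the demo is the caveat the post raises: with the files themselves world-writable, the sticky bit stops Alice deleting or renaming Bob's file but not overwriting it, so the file modes (or the Samba-side read-only attribute) still matter for that.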