[Samba] directory vs. file delete permissions

root tcpamike at bellsouth.net
Sat Dec 7 21:15:01 GMT 2002

I have an [apps] share that was intended to be read-only (to keep
viruses away) however some Windows programs require rw access to
specific files.  I don't want to open-up everything on the share to rw,
only those specific files/directories that need 'w' access.

Here's the dilemma:  In order for users to be able to change a file, the
file and directory it's in need to have rw permissions (right?).  But if
the directory has rw permissions for the user's group, members can
delete everything in the directory-- regardless of whether the file is
read-only for the their group or not.  Additionally, the "delete
readonly = no" option (which is the default) doesn't apparently work.

Another effect is that while viruses can't change/infect files in the
[apps] share, they can simply DELETE all the 755-permission files they
see.  Ugh.

How do I set this up correctly?

/home/samba/apps directory:
drwxrwxr-x    7 root     smbusers     4096 Dec  7 15:08 apps

   comment = Applications
   path = /home/samba/apps
   force group = smbusers
   browsable = yes
   guest ok = no
   read only = yes
   delete readonly = no
   write list = @smbadmin, at smbusers
   valid users = @smbusers, at smbadmin
   admin users = @smbadmin

The @smbusers were added to the write list.  Originally it was only

The directory & file permissions are: 
directory-- 755 
files-- 744 (root:smbusers)

More information about the samba mailing list