[Samba] directory vs. file delete permissions
root
tcpamike at bellsouth.net
Sat Dec 7 21:15:01 GMT 2002
I have an [apps] share that was intended to be read-only (to keep
viruses away) however some Windows programs require rw access to
specific files. I don't want to open-up everything on the share to rw,
only those specific files/directories that need 'w' access.
Here's the dilemma: In order for users to be able to change a file, the
file and directory it's in need to have rw permissions (right?). But if
the directory has rw permissions for the user's group, members can
delete everything in the directory-- regardless of whether the file is
read-only for the their group or not. Additionally, the "delete
readonly = no" option (which is the default) doesn't apparently work.
Another effect is that while viruses can't change/infect files in the
[apps] share, they can simply DELETE all the 755-permission files they
see. Ugh.
How do I set this up correctly?
/home/samba/apps directory:
drwxrwxr-x 7 root smbusers 4096 Dec 7 15:08 apps
[apps]
comment = Applications
path = /home/samba/apps
force group = smbusers
browsable = yes
guest ok = no
read only = yes
delete readonly = no
write list = @smbadmin, at smbusers
valid users = @smbusers, at smbadmin
admin users = @smbadmin
The @smbusers were added to the write list. Originally it was only
@smbadmin.
The directory & file permissions are:
directory-- 755
files-- 744 (root:smbusers)
More information about the samba
mailing list