[Samba] Re: How to create a write-only share?

Scott Lovenberg scott.lovenberg at gmail.com
Mon Apr 7 10:08:44 GMT 2008


Ash Gosh wrote:
> On Mon, Apr 7, 2008 at 11:21 AM, Scott Lovenberg <scott.lovenberg at gmail.com>
> wrote:
>
>   
>>   I think I did this once a couple of years ago using NT style policy and
>> the firewall policy object.  IIRC, I did it all at the file system level;
>> each computer's SYSTEM service was allowed to write to a text file that it
>> couldn't read.  The file was owned as "root:someGroup" with 720 perms.
>> This file was in a directory called 'logs' owned "root:someGroup" with 710
>> perms.  The directory that 'logs' was contained within was owned by
>> "root:someGroup" with 710 perms and was exported as a hidden share (I think
>> I used the '$' hidden share trick), which 'someGroup' was allowed to write
>> to.  That's off the top of my head, and it may not be correct, but if you
>> can mock it up with VMWare and a liveCD, that will at least get the ball
>> rolling, I hope.  I'm fairly sure it worked as advertised, but it never made
>> it to production, so I didn't document it or anything.
>>
>>     
>
> Hello again,
>
> I did not understand correctly: did you make all with fs permissions, what
> about and what is NT style policy and the firewall policy object?
> Does this help me to allow anyone to copy / paste a file into the shares
> where they have no access?
>
> Thanks,
> Ash.
>   
Yeah, disregard the part about NT policy, it was background info that I 
thought might help you to understand what I was trying to accomplish; 
it's not important to the topic at hand.  Let me change the permissions 
a bit so as to be more accurate (the second folder was not needed, I 
think I might have had something else in mind):

directory    |   owner   |   group       |   perms
topFolder    |   root    |   someGroup   |   7730

That should work, and it'll make every file owned by root, who will be 
the only one who can delete it.  Just make sure no one figures out how 
to put a shell script in this folder and execute it! ;)
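
Added example, not part of the original message: a Python model of how the rwx classes and the sticky bit of mode 7730 on a root:someGroup directory apply to a group member and to an outsider. The uid/gid numbers and function names are constructed for illustration; how the setuid/setgid bits on a directory affect ownership of new files is platform-dependent and is not modelled.

```python
import stat

def dir_access(mode, owner_uid, owner_gid, uid, gids):
    """Return the directory operations the POSIX permission bits allow a caller.

    Models only the rwx classes and the sticky bit; root (uid 0) bypasses checks.
    """
    if uid == 0:
        r = w = x = True
    else:
        if uid == owner_uid:
            shift = 6          # owner class
        elif owner_gid in gids:
            shift = 3          # group class
        else:
            shift = 0          # other class
        bits = (mode >> shift) & 0o7
        r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    sticky = bool(mode & stat.S_ISVTX)
    return {
        "list": r,                       # readdir: see the file names
        "traverse": x,                   # resolve a path inside the directory
        "create": w and x,               # drop a new file in
        # With the sticky bit set, unlinking someone else's file requires
        # owning the file or the directory (or being root).
        "delete_others": w and x and (not sticky or uid in (0, owner_uid)),
    }

# Constructed sample identities (hypothetical uid/gid numbers).
ROOT, SOME_GROUP = 0, 1001
MODE = 0o7730  # topFolder, as given in the message

def report():
    member = dir_access(MODE, ROOT, SOME_GROUP, uid=2000, gids={SOME_GROUP})
    outsider = dir_access(MODE, ROOT, SOME_GROUP, uid=3000, gids={3000})
    return stat.filemode(stat.S_IFDIR | MODE), member, outsider

if __name__ == "__main__":
    for item in report():
        print(item)
```

A member of someGroup can create files and reach them by exact name but cannot list the directory or remove files they do not own; anyone outside the group gets no access at all.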

