Permissions Question

[Mr_N]

Ok so i have my volume shared via cifs and i connected to it in windows just using root user/pw to copy all my data onto it, i cbf messing around with adding more users at this stage as it'll only be me accessing it.

But i want to set the permissions on the first few top level directories so that they cant be accidentally deleted, even by root or their owner which is also root in this case.

Directory Structure:

/mnt/Volume/Archive/MediaType1/Subdirectories/Files
/mnt/Volume/Archive/MediaType2/Subdirectories/Files
/mnt/Volume/Archive/MediaType3/Subdirectories/Files

etc

How do i chmod the Archive & MediaType1/2/3 directories so they cant be deleted at all unless the permissions are changed back, while allowing owner deletion of the Subdirectories & Files contained within them?

thx in advance :)

 

[N00b]

You could set the system immutable flag on the files. See this article.
edit : this article us for FreeBSD. Linux has a different command.

 

[Mr_N]

read that it only mentions files, wasnt sure if i could use it on directories without affecting everything inside etc

 

[N00b]

Try it out it does. I just did. Use it on the directory it will flag the directory and prevent the directory from being removed. With the -R option it will flag the files in the directory as well. You can see the permissions with the 'ls -lo' command.

 

[Mr_N]

ok thanks sounds like just the thing i want :)

 

[Mr_N]

Just tried it using some test dirs as follows:

/mnt/Volume/Test/Media/Files/

i set the flag on the test and media dirs but not the files dir, didnt work as now in windows i cant delete the files dir, or create new dirs inside media...

 

[Mr_N]

bah silly me, i went one directory too deep, if i just add the flag to Test, then it stops media being deleted but anything in media can be... yay

 

[N00b]

:) I was just about to ask you the same ! Just to confirm you are flagging the highest level directory without the -R option? Then the first level below it gets protected by not subsequent levels.(I don't have access to my nas box today so couldn't test.)
You may also want to look at the appropriate selection of the following options in the CIFS share setup:

• Inherit Permissions
• Export Recycle Bin

I quite like the export recycle option. Allows accidental delete recovery :)

 

[Mr_N]

seems this wont work after all as more testing shows that while it stops the test and media dirs from being deleted, a delete action on either of them deletes everything inside them while failing to delete the dirs themselves...

the recycle bin option wont help if you shift+del :)

and if i inherit permissions it'll mean i can no longer add to my share, looks like i'll just have to be careful with deleting

 

[N00b]

/mnt/Volume/Archive/MediaType1/Subdirectories/Files
/mnt/Volume/Archive/MediaType2/Subdirectories/Files
/mnt/Volume/Archive/MediaType3/Subdirectories/Files

etc
How do i chmod the Archive & MediaType1/2/3 directories so they cant be deleted at all unless the permissions are changed back, while allowing owner deletion of the Subdirectories & Files contained within them?

seems this wont work after all as more testing shows that while it stops the test and media dirs from being deleted, a delete action on either of them deletes everything inside them while failing to delete the dirs themselves...

Sorry this is turning out to be such a trial and error but perhaps someone more experienced will jump in and help! I am a little confused . I thought that is the result you wanted to achieve. So you if you run the chflags command on Archive doesn't it protect Mediatype[1..3] allowing deletion of sub-directories.

If this doesn't work you can look at using sticky bits(4.4.3. The setuid, setgid, and sticky Permissions) and connecting to the share as non-root. The files can be owned by root. The ones that the user adds can be deleted.

Or maybe ACL. Sorry but I haven't used ACLs myself.

 

[Dusan]

the recycle bin option wont help if you shift+del :)

It will. This is not the usual Windows recycle bin. This is a recycle bin functionality provided by samba. If you enable it, everything that gets deleted via CIFS will be moved to the recycle bin. It doesn't matter if you shift+del or not.

 

[Mr_N]

oh cool, that'll come in handy then I shall enable away, in the mean time just chmod 755'd the whole share since its all owned by root and i'll connect with an added user to access it and only connect with root to add more data.

 

[Mr_N]

Sorry this is turning out to be such a trial and error but perhaps someone more experienced will jump in and help! I am a little confused . I thought that is the result you wanted to achieve. So you if you run the chflags command on Archive doesn't it protect Mediatype[1..3] allowing deletion of sub-directories.

It kind of was the idea just because i figured its harder to accidentally select a whole lot of dirs/files inside the media dirs and delete them than it is to accidentally delete one of the media or above dirs buy itself, but it doesnt really help because an accidental delete of the protected dirs still means you've deleted everything below it, which was the thing i was trying to protect myself from :)

 

[Mr_N]

I think i may have finally found the solution, involving changing samba's config a bit i think:

http://xpt.sourceforge.net/techdocs/nix/distro/debian/deb21-FileSystermAdmin/ar01s02.html

a dropbox :)

 

[cyberjock]

I will warn you that it doesn't always work as you are hoping. Some programs create a file of zero bytes, then open the file and write to it. Those programs will get VERY upset because you'll create the file, then be unable to actually save data to it because it won't be "modify"able.

Just something to keep in mind if you use this and a program misbehaves or throws weird errors.

 

[Mr_N]

well for the 'protected' section the only program i'll be using is windows explorer, with the help of my friend cut/copy & paste :)