July 9, 2008
Hello, I need two scripts and I'm sure they are easy to write for some of you. My unRAID box now has over two terabytes of movies. If I put a movie there once, it remains forever. That's why I would like to be able to lock it so that nobody can delete it ever. I thought that user-level security would be a good solution, but I'm looking for something else. I need two scripts: one which locks all the movie files (avi, mkv, m2ts, mts, mp4) inside a specified folder and all the folders above in the hierarchy so that they can only be deleted from the console, not from the network, and another which reverts the operation. Thanks in advance!
July 9, 2008
What you are requesting is not as simple as it seems.

In Linux/Unix, a file may be written to if it is writable (I know, obvious). Every file is writable by the "root" superuser.

In Linux/Unix, a file does not need to be writable to be deleted... Instead, the folder it is in must be writable. If you cannot write to a folder, you cannot create OR delete files within it.... but you could still overwrite a file by opening it and writing to it.

In unRAID, the samba shares all seem to be configured with:

    force user = root

So, it appears as if samba connects as if it is root. With permissions to do anything it likes.

To experiment, you can try to turn off "write" permission on all the directories with something like this:

    find /mnt/user/Movies -type d -exec chmod a-w {} \;

You can put it back with this:

    find /mnt/user/Movies -type d -exec chmod a+w {} \;

Obviously, you would need to put your folder name in place if your user share is not named "Movies".

With this, a user would not be able to delete a file, but they would still be able to overwrite a file. As I said, it is not as simple as it looks on the surface.

I'd make my user-shares exported as read-only... That would do most of what you want.

Joe L.
July 9, 2008 (Author)
Thanks for your explanation. To be clearer I'll say: I want to lock media files so that nobody can delete them. OK, let them be writable, but not deletable. Is it however possible? My folder structure is made of the root folder - "Movies" - and the folders contained in it, one for each movie. I need a script which will make all the media files in the "Movies" folder undeletable and unmovable and another which will revert this. I don't know if I understood you. Tell me, is it possible?
July 9, 2008
> Thanks for your explanation. To be clearer I'll say: I want to lock media files so that nobody can delete them. OK, let them be writable, but not deletable. Is it however possible? My folder structure is made of the root folder - "Movies" - and the folders contained in it, one for each movie. I need a script which will make all the media files in the "Movies" folder undeletable and unmovable and another which will revert this. I don't know if I understood you. Tell me, is it possible?

I think what you are looking for is a way to make them read-only when accessed over the network shares. I have a read only share called "mp3" that is used by my whole family with iTunes. I did not want anyone to accidentally delete any of the music, or change the tags in these files. The read only mount gives me that protection. But I know the super secret handshake to be able to access these files so that I can update and delete them (if I want to).
July 9, 2008
If samba is using force user = root then making the directories unwritable probably will not work.
July 9, 2008 (Author)
But I don't want to make the directories unwritable. I only want to make my media files undeletable. As a test I chmoded one file to 000, and as a result I couldn't delete or rename it but could overwrite it, which means I got what I wanted, but I'm not sure if it's the 'proper chmod' and I still need a script that will chmod all the media files like this. Making directories read-only doesn't solve the problem for me. I need a script which chmods video files so that they cannot be deleted from the network. I don't mind if they remain overwritable/rename-able etc. etc.
July 9, 2008
The only way to make files unable to be removed is to make the directory permissions such that the account cannot modify the directory or set the share exported as read-only. I suppose you could have two shares named differently pointing to the same directory. Then one share is allowed by everyone and the maint share is only allowed by designated people.
July 9, 2008
> But I don't want to make the directories unwritable. I only want to make my media files undeletable. As a test I chmoded one file to 000, and as a result I couldn't delete or rename it but could overwrite it, which means I got what I wanted, but I'm not sure if it's the 'proper chmod' and I still need a script that will chmod all the media files like this. Making directories read-only doesn't solve the problem for me. I need a script which chmods video files so that they cannot be deleted from the network. I don't mind if they remain overwritable/rename-able etc. etc.

I don't think what you are looking for is possible with unix permissions. As I said, as far as unix/Linux is concerned, the ability to delete files has NOTHING to do with the permissions of the file itself, but only of the folder they are in. This is complicated by the force=root, as root has permission to do anything, perhaps even ignoring the explicit permission of "000" (no read/write/ or execute permissions for owner, other in same group, or others).

As far as SAMBA permissions, they might be able to be set to read-only, but the underlying files (and more importantly, the folders) will be still writable, and files still deletable from the command line... especially logged in as root.

You can make the user-share read-only, and put an "exception" user (you on one of your PCs) as read/write. That is as close as you will get.

I personally have my "disk" shares exported as read/write, but hidden. The "User" shares are read-only most of the time. Since those are the only ones visible to my media players, they are protected. When I want to interact directly with a file, I simply use //tower/disk3/Movies/xxxxxxxxx to get to it.

Joe L.
July 9, 2008
> The "User" shares are read-only most of the time.

Does this make it so the files cannot be removed? I have not tested this, nor can I at the moment. If so this may be his answer.

I.E. Unless, there is a future addition to the environment for

    admin user = xxxxxx

whereby this user has full permission no matter what and other users do not. As a test it could be put into one of the files manually... I would do it, however I'm running a really long torrent download so I have to wait a while (It's been running for weeks and is just about finished LOL!)

Maybe what is needed is a Trash bin.
July 9, 2008 (Author)
What if I run samba from another limited account? Would I be able to do that then?
July 9, 2008
It would be easier to enable user level security, then modify the smb share file then run smb from a different account. Have you tried exporting the user share as READ-ONLY... if that works, just have two shares. One that everyone sees, and one that only an administrator account has access to.
July 9, 2008 (Author)
I don't know why, but changing the chmod to 000 gives the result I wanted, though you insist it's impossible. Look here: I can overwrite the file as well as copy or open it, but cannot delete or rename the file and neither can I delete the directory it is in. Magic?
July 9, 2008
I don't have an answer. However I would try to access read/play with whatever media player you use. If you are satisfied, then go with it.
July 9, 2008 (Author)
I'm satisfied as everything works as I wanted. However I'm a bit confused. It works but as you said it shouldn't. May I have any problems because of this, e.g. when I install a newer version of unRAID? Are my movies safe in such a configuration? P.S. I can use chmod 400 instead of 000 and it will give the same results. Which one should I use? May it have any influence?
July 9, 2008 (Author)
HELP!!!!! I tried to delete the user share called test by typing "rm test -rf" from disk1 and disk2 and now they ARE SHOWN AS UNFORMATTED and I cannot access them!!?? Jesus! I hope I've not just lost my data?! What can I do now?! Look
July 9, 2008
> I don't know why, but changing the chmod to 000 gives the result I wanted, though you insist it's impossible. Look here: I can overwrite the file as well as copy or open it, but cannot delete or rename the file and neither can I delete the directory it is in. Magic?

You cannot delete the directory it is in, because the directory is not empty. As far as what error you will get on a windows box, when attempting to delete an unreadable file, only Bill Gates knows for sure. I am not an expert on how windows interprets Unix permissions.

Trust me though, now that the file permissions are 000, try this: log in via telnet then type

    rm /mnt/user/test/movies/sample\ movie\ 1/2.AVI

It will be gone.

I did an experiment.

    root@Tower:/mnt/user/data# cd usb
    root@Tower:/mnt/user/data/usb# ls -al
    total 2
    drwxrwxrwx 1 root root   48 Feb 23 08:40 ./
    drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../

It is an empty directory, in it I create another new directory named "joe":

    root@Tower:/mnt/user/data/usb# mkdir joe
    root@Tower:/mnt/user/data/usb# cd joe

Now, I cd into the new "joe" folder and create a file

    root@Tower:/mnt/user/data/usb/joe# touch 2.avi
    root@Tower:/mnt/user/data/usb/joe# ls -l
    total 0
    -rw-r--r-- 1 root root 0 Jul 9 12:42 2.avi

Now, I make it 000 permissions, not readable, nor writable, nor executable.

    root@Tower:/mnt/user/data/usb/joe# chmod 000 2.avi
    root@Tower:/mnt/user/data/usb/joe# ls -l
    total 0
    ---------- 1 root root 0 Jul 9 12:42 2.avi

Now, I cd up one directory

    root@Tower:/mnt/user/data/usb/joe# cd ..
    root@Tower:/mnt/user/data/usb# ls -al
    total 2
    drwxrwxrwx 1 root root   48 Feb 23 08:40 ./
    drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../
    drwxr-xr-x 1 root root   72 Jul 9 12:42 joe/

I now make the current directory unwritable, unreadable, un-searchable

    root@Tower:/mnt/user/data/usb# chmod 000 .
    root@Tower:/mnt/user/data/usb# ls -al
    total 2
    d--------- 1 root root   48 Feb 23 08:40 ./
    drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../
    drwxr-xr-x 1 root root   72 Jul 9 12:42 joe/

I also make the sub-directory unwritable, unreadable, unsearchable.

    root@Tower:/mnt/user/data/usb# chmod 000 joe
    root@Tower:/mnt/user/data/usb# ls -al
    total 2
    d--------- 1 root root   48 Feb 23 08:40 ./
    drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../
    d--------- 1 root root   72 Jul 9 12:42 joe/

Finally, I remove the file I had created earlier...

    root@Tower:/mnt/user/data/usb# rm joe/2.avi
    root@Tower:/mnt/user/data/usb# ls -l joe
    total 0
    root@Tower:/mnt/user/data/usb# ls -al joe
    total 0
    d--------- 1 root root 48 Jul 9 12:44 ./
    d--------- 1 root root 48 Feb 23 08:40 ../

The file is gone, despite the folder it is in being mode 000, and the file being 000.

SO... as we both said, in unix, directory permissions control the ability to unlink (remove) a file. However, if you are the root user, you have permission anyway. If Samba logs in as a different user, you will need to set permissions everywhere according to your needs.

Experiment as you like with Samba. Just google "Samba Configuration" and you will get tons of things to read.

Joe L.
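An added illustration of the point made in the posts above, not written by any participant in the thread: a shell script that tries to delete a file under different directory and file modes and reports what happened. The temporary directory, the folder name Movies inside it and the file name sample.avi are constructed for the demonstration.

```sh
#!/bin/sh
# Added demonstration: whether a file can be unlinked depends on the parent
# directory's mode (write + search), not on the file's own mode. Root bypasses
# both, which is why "force user = root" in Samba defeats chmod-based locking.

# try_delete DIR_MODE FILE_MODE -> prints "deleted" or "kept"
try_delete() {
    work=$(mktemp -d) || return 1
    dir="$work/Movies"                 # constructed stand-in for a share
    file="$dir/sample.avi"             # constructed sample file
    mkdir "$dir" && : > "$file" || return 1
    chmod "$2" "$file"
    chmod "$1" "$dir"
    rm -f "$file" 2>/dev/null || :     # -f: never prompt on read-only files
    chmod 755 "$dir"                   # restore access so we can inspect
    if [ -e "$file" ]; then result=kept; else result=deleted; fi
    rm -rf "$work"
    echo "$result"
}

# running_as_root -> success when permission bits will be ignored
running_as_root() { [ "$(id -u)" -eq 0 ]; }

report() {
    if running_as_root; then who="root"; else who="uid $(id -u)"; fi
    echo "running as $who"
    for case_ in "755 644" "755 000" "555 644" "555 000"; do
        set -- $case_                  # split "DIR_MODE FILE_MODE"
        echo "dir=$1 file=$2 -> $(try_delete "$1" "$2")"
    done
}

report
```

Run as an ordinary user, the two dir=555 rows report "kept" regardless of the file mode; run as root, every row reports "deleted".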
July 9, 2008
telnet in as root
cd /mnt
cd to disk1 and do an ls -lR | more
cd to disk2 and do an ls -lR | more

If you have files there then everything is OK and something else is wrong with the state. I.E. emhttp is confused.
July 9, 2008
> P.S. I can use chmod 400 instead of 000 and it will give the same results. Which one should I use? May it have any influence?

PLEASE do not play around with the chmod command until you understand Unix permissions and the chmod bitmask.... otherwise you are asking for a world of pain and agony.

Ooops ... I see it's already too late.
July 9, 2008
Odds are you were "cd'd" to the disk when you tried to stop/start the unRAID array. Since the disk was busy, it could not be unmounted. Since it was mounted already, the subsequent mount failed. unRAID considers ANY drive it cannot mount to be unformatted.

So, "Stop" the array. Log off the telnet session, and try to "Start" the array once more. If still unformatted, let us know. If so, post a syslog BEFORE you reboot next.

Whatever you do, do not let it format the drives... or you will lose data.

Joe L.
July 9, 2008
Oh yes, this is NOT DOS... The command

    rm -rf test

is NOT equivalent to

    rm test -rf
July 9, 2008
There is no disk1 and disk2!! Is your array Started? or Stopped?

Joe L.

Edit: I see it is started... Looks like you deleted the mount points for the drives if /mnt/disk1 and /mnt/disk2 do not exist.

Joe L.
July 9, 2008 (Author)
> Odds are you were "cd'd" to the disk when you tried to stop/start the unRAID array. Since the disk was busy, it could not be unmounted. Since it was mounted already, the subsequent mount failed. unRAID considers ANY drive it cannot mount to be unformatted. So, "Stop" the array. Log off the telnet session, and try to "Start" the array once more. If still unformatted, let us know. If so, post a syslog BEFORE you reboot next. Whatever you do, do not let it format the drives... or you will lose data. Joe L.

Ufff... I've performed this and it's all right. Looks like (as you wrote) I didn't log out of the console and stopped the array. Sorry for messing up!

> PLEASE do not play around with the chmod command until you understand Unix permissions and the chmod bitmask.... otherwise you are asking for a world of pain and agony.

I understand chmod commands, and that's why I mentioned 400 (it means readable for the owner and no one else so it's 'more correct' than 000).

> As far as what error you will get on a windows box, when attempting to delete an unreadable file, only Bill Gates knows for sure. I am not an expert on how windows interprets Unix permissions.

But the file is readable. I can play it and I can copy it, but not delete.

> SO... as we both said, in unix, directory permissions control the ability to unlink (remove) a file. However, if you are the root user, you have permission anyway. If Samba logs in as a different user, you will need to set permissions everywhere according to your needs.

So why did what I wrote work as it did? Is it eventually proper and can I use that?
July 10, 2008
Here is a LINK to a post that explains how to set up Samba read only shares. Not sure if it is what bartosz.kiepas wants to do, but may help others trying to accomplish something similar. Note that this and many other insider tips can be found on the Best of the Forums page (see link in my sig).