A script to lock files?

Hello,

I need two scripts and I'm sure they are easy to write for some of you. My unRAID box now has over two terabytes of movies. Once I put a movie there, it remains forever. That's why I would like to be able to lock it so that nobody can ever delete it. I thought that user-level security would be a good solution, but I'm looking for something else. I need two scripts: one which locks all the movie files (avi, mkv, m2ts, mts, mp4) inside a specified folder and all the folders above in the hierarchy so that they can only be deleted from the console, not from the network, and another which reverts the operation.

 

Thanks in advance!

What you are requesting is not as simple as it seems.   

 

In Linux/Unix, a file may be written to if it is writable (I know, obvious). Every file is writable by the "root" superuser.

In Linux/Unix, a file does not need to be writable to be deleted... Instead, the folder it is in must be writable.  If you cannot write to a folder, you cannot create OR delete files within it.... but you could still overwrite a file by opening it and writing to it.

 

In unRAID, the samba shares all seem to be configured with:

force user = root

 

So, it appears as if samba connects as if it is root.  With permissions to do anything it likes.

 

To experiment, you can try to turn off "write" permission on all the directories with something like this:

find /mnt/user/Movies -type d -exec chmod a-w {} \;

 

You can put it back with this:

find /mnt/user/Movies -type d -exec chmod a+w {} \;

 

Obviously, you would need to put your folder name in place if your user share is not named "Movies".  With this, a user would not be able to delete a file, but they would still be able to overwrite a file.  As I said, it is not as simple as it looks on the surface.  I'd make my user-shares exported as read-only... That would do most of what you want.

 

Joe L.
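
The two find commands in the reply above, extended into the lock/unlock pair the question asks for (an added example, not code from the thread): it changes only the directories that hold media files and their parent folders up to the share root. The function names are made up for the example. As the reply says, this has no effect when Samba acts as root, and the files themselves stay overwritable.

```shell
#!/bin/sh
# Added example. Assumption: the share is reached through a NON-root
# account; with "force user = root" these mode bits are bypassed.

# Print each directory holding a media file, plus every parent up to the
# share root $1 (a file is unlinked via its directory, a folder via its parent).
lock_targets() {
    root=${1%/}
    find "$root" -type f \( -iname '*.avi' -o -iname '*.mkv' \
        -o -iname '*.m2ts' -o -iname '*.mts' -o -iname '*.mp4' \) |
    while IFS= read -r f; do
        d=$(dirname "$f")
        while :; do
            printf '%s\n' "$d"
            case $d in "$root"|/|.) break ;; esac
            d=$(dirname "$d")
        done
    done | sort -u
}

# $2 is the chmod change: a-w to lock, a+w to revert (as in the reply above).
set_lock() {
    lock_targets "$1" | while IFS= read -r d; do chmod "$2" "$d"; done
}
lock_movies()   { set_lock "$1" a-w; }
unlock_movies() { set_lock "$1" a+w; }

# Print lock targets that still carry a write bit for user, group or other.
unlocked_dirs() {
    lock_targets "$1" | while IFS= read -r d; do
        case $(ls -ld -- "$d") in
            d?-??-??-*) ;;                  # no write bit anywhere: locked
            *) printf '%s\n' "$d" ;;
        esac
    done
}

# Usage: script lock|unlock|check /mnt/user/Movies
case "${1:-}" in
    lock)   lock_movies "$2" ;;
    unlock) unlock_movies "$2" ;;
    check)  unlocked_dirs "$2" ;;
esac
```

Folders without media files (an upload folder, for instance) keep their write bit, so new movies can still be added there before the next lock run.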

  • Author

Thanks for your explanation. To be clearer, I'll say: I want to lock media files so that nobody can delete them. OK, let them be writable, but not deletable. Is it possible, however? My folder structure is made of the root folder - "Movies" - and the folders contained in it, one per movie. I need a script which will make all the media files in the "Movies" folder undeletable and unmovable and another which will revert this.

 

I don't know if I understood you. Tell me, is it possible?

> Thanks for your explanation. To be clearer, I'll say: I want to lock media files so that nobody can delete them. OK, let them be writable, but not deletable. Is it possible, however? My folder structure is made of the root folder - "Movies" - and the folders contained in it, one per movie. I need a script which will make all the media files in the "Movies" folder undeletable and unmovable and another which will revert this.
>
> I don't know if I understood you. Tell me, is it possible?

 

I think what you are looking for is a way to make them read-only when accessed over the network shares.  I have a read-only share called "mp3" that is used by my whole family with iTunes.  I did not want anyone to accidentally delete any of the music, or change the tags in these files.  The read-only mount gives me that protection.

 

But I know the super secret handshake to be able to access these files so that I can update and delete them (if I want to).

 

If samba is using force user = root then making the directories unwritable probably will not work.

 

 

  • Author

But I don't want to make the directories unwritable. I only want to make my media files undeletable. As a test I chmoded one file to 000, and as a result I couldn't delete or rename it but could overwrite it, which means I got what I wanted, but I'm not sure if it's the 'proper chmod' and I still need a script that will chmod all the media files like this.

 

Making directories read-only doesn't solve the problem for me. I need a script which chmods video files so that they cannot be deleted from the network. I don't mind if they remain overwritable/rename-able etc.

The only way to make files unable to be removed, is to make the directory permissions such that the account cannot modify the directory or set the share exported as read-only.

 

I suppose you could have two shares named differently pointing to the same directory.

Then one share is allowed by everyone and the maint share is only allowed by designated people.

 

> But I don't want to make the directories unwritable. I only want to make my media files undeletable. As a test I chmoded one file to 000, and as a result I couldn't delete or rename it but could overwrite it, which means I got what I wanted, but I'm not sure if it's the 'proper chmod' and I still need a script that will chmod all the media files like this.
>
> Making directories read-only doesn't solve the problem for me. I need a script which chmods video files so that they cannot be deleted from the network. I don't mind if they remain overwritable/rename-able etc.

I don't think what you are looking for is possible with unix permissions.

As I said, as far as unix/Linux is concerned, the ability to delete files has NOTHING to do with the permissions of the file itself, but only of the folder they are in.

This is complicated by the force=root, as root has permission to do anything, perhaps even ignoring the explicit permission of "000" (no read/write/ or execute permissions for owner, other in same group, or others)

 

As far as SAMBA permissions, they might be able to be set to read-only, but the underlying files (and more importantly, the folders) will be still writable, and files still deletable from the command line... especially logged in as root.

 

You can make the user-share read-only, and put an "exception" user (you on one of your PCs) as read/write.  That is as close as you will get.

 

I personally have my "disk" shares exported as read/write, but hidden.  The "User" shares are read-only most of the time.  Since those are the only ones visible to my media players, they are protected.  When I want to interact directly with a file, I simply use //tower/disk3/Movies/xxxxxxxxx to get to it.

 

Joe L.

> The "User" shares are read-only most of the time.

Does this make it so the files cannot be removed? I have not tested this, nor can I at the moment.

If so this may be his answer.

 

I.E. Unless, there is a future addition to the environment for

admin user = xxxxxx

Whereby this user has full permission no matter what and other users do not.

As a test it could be put into one of the files manually...

I would do it, however I'm running a really long torrent download so I have to wait a while (It's been running for weeks and is just about finished LOL!)

 

Maybe what is needed is a Trash bin.

 

  • Author

What if I run Samba from another limited account? Would I be able to do that then?

It would be easier to enable user level security, then modify the smb share file then run smb from a different account.

 

Have you tried exporting the user share as READ-ONLY... if that works, just have two shares.

One that everyone sees, and one that only an administrator account has access to.

  • Author

I don't know why, but changing the chmod to 000 gives the result I wanted, though you insist it's impossible.

 

Look here:

worksza0.th.jpg

 

I can overwrite the file as well as copy or open it, but cannot delete or rename the file and neither can I delete the directory it is in.

 

Magic?

I don't have an answer. However I would try to access read/play with what ever media player you use.

If you are satisfied, then go with it.

  • Author

I'm satisfied as everything works as I wanted. However I'm a bit confused. It works but as you said it shouldn't. May I have any problems because of this, e.g. when I install a newer version of unRAID? Are my movies safe in such a configuration?

 

P.S. I can use chmod 400 instead of 000 and it will give the same results. Which one should I use? May it have any influence?

  • Author

HELP!!!!!

 

I tried to delete the user share called test by typing "rm test -rf" from disk1 and disk2 and now they ARE SHOWN AS UNFORMATTED and I cannot access them!!??

 

Jesus! I hope I've not just lost my data?! What can I do now?!

 

Look

28802827rw7.th.jpg

> I don't know why, but changing the chmod to 000 gives the result I wanted, though you insist it's impossible.
>
> Look here:
>
> worksza0.th.jpg
>
> I can overwrite the file as well as copy or open it, but cannot delete or rename the file and neither can I delete the directory it is in.
>
> Magic?

You cannot delete the directory it is in, because the directory is not empty.

As far as what error you will get on a Windows box, when attempting to delete an unreadable file, only Bill Gates knows for sure.  I am not an expert on how Windows interprets Unix permissions.

 

Trust me though, now that the file permissions are 000, try this

log in via telnet then type

rm /mnt/user/test/movies/sample\ movie\ 1/2.AVI

 

It will be gone.

I did an experiment.

 

root@Tower:/mnt/user/data# cd usb

root@Tower:/mnt/user/data/usb# ls -al

total 2

drwxrwxrwx 1 root root   48 Feb 23 08:40 ./

drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../

It is an empty directory, in it I create another new directory named "joe":

 

root@Tower:/mnt/user/data/usb# mkdir joe

root@Tower:/mnt/user/data/usb# cd joe

 

Now, I cd into the new "joe" folder and create a file

root@Tower:/mnt/user/data/usb/joe# touch 2.avi

root@Tower:/mnt/user/data/usb/joe# ls -l

total 0

-rw-r--r-- 1 root root 0 Jul  9 12:42 2.avi

Now, I make it 000 permissions, not readable, nor writable, nor executable.

root@Tower:/mnt/user/data/usb/joe# chmod 000 2.avi

root@Tower:/mnt/user/data/usb/joe# ls -l

total 0

---------- 1 root root 0 Jul  9 12:42 2.avi

Now, I cd up one directory

root@Tower:/mnt/user/data/usb/joe# cd ..

root@Tower:/mnt/user/data/usb# ls -al

total 2

drwxrwxrwx 1 root root   48 Feb 23 08:40 ./

drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../

drwxr-xr-x 1 root root   72 Jul  9 12:42 joe/

I now make the current directory unwritable, unreadable, un-searchable

root@Tower:/mnt/user/data/usb# chmod 000 .

root@Tower:/mnt/user/data/usb# ls -al

total 2

d--------- 1 root root   48 Feb 23 08:40 ./

drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../

drwxr-xr-x 1 root root   72 Jul  9 12:42 joe/

I also make the sub-directory unwritable, unreadable, unsearchable.

root@Tower:/mnt/user/data/usb# chmod 000 joe

root@Tower:/mnt/user/data/usb# ls -al

total 2

d--------- 1 root root   48 Feb 23 08:40 ./

drwxr-xr-x 1 root root 2440 Jun 22 20:16 ../

d--------- 1 root root   72 Jul  9 12:42 joe/

Finally, I remove the file I had created earlier...

root@Tower:/mnt/user/data/usb# rm joe/2.avi

root@Tower:/mnt/user/data/usb# ls -l joe

total 0

root@Tower:/mnt/user/data/usb# ls -al joe

total 0

d--------- 1 root root 48 Jul  9 12:44 ./

d--------- 1 root root 48 Feb 23 08:40 ../

The file is gone, despite the folder it is in being mode 000, and the file being 000.

 

SO... as we both said, in unix, directory permissions control the ability to unlink (remove) a file.  However, if you are the root user, you have permission anyway.  If Samba logs in as a different user, you will need to set permissions everywhere according to your needs.

 

Experiment as you like with Samba.  Just google "Samba Configuration" and you will get tons of things to read.

 

Joe L.

telnet in as root

 

cd /mnt

cd to disk1 and do an ls -lR | more

cd to disk2 and do an ls -lR | more

 

if you have files there then everything is OK and something else is wrong with the state.

I.E. emhttp is confused.

  • Author

There is no disk1 and disk2!! :o

> P.S. I can use chmod 400 instead of 000 and it will give the same results. Which one should I use? May it have any influence?

 

PLEASE do not play around with the chmod command until you understand Unix permissions and the chmod bitmask.... otherwise you are asking for a world of pain and agony.

 

Ooops ... I see it's already too late.

Odds are you were "cd'd" to the disk when you tried to stop/start the unRAID array; since the disk was busy, it could not be unmounted.

Since it was mounted already, the subsequent mount failed.  unRAID considers ANY drive it cannot mount to be unformatted.

 

So, "Stop" the array.

 

Log off the telnet session,  and try to "Start" the array once more.  If still unformatted, let us know.  If so, post a syslog BEFORE you reboot next.

Whatever you do, do not let it format the drives... or you will lose data.

 

Joe L.

Oh yes, this is NOT DOS...

 

The command

rm -rf test

is NOT equivalent to

rm test -rf

 

 

> There is no disk1 and disk2!! :o

Is your array Started? or Stopped?

 

Joe L.

 

Edit: I see it is started... 

Looks like you deleted the mount points for the drives if /mnt/disk1 and /mnt/disk2 do not exist.

 

Joe L.

  • Author

> Odds are you were "cd'd" to the disk when you tried to stop/start the unRAID array; since the disk was busy, it could not be unmounted.
>
> Since it was mounted already, the subsequent mount failed.  unRAID considers ANY drive it cannot mount to be unformatted.
>
> So, "Stop" the array.
>
> Log off the telnet session,  and try to "Start" the array once more.  If still unformatted, let us know.  If so, post a syslog BEFORE you reboot next.
>
> Whatever you do, do not let it format the drives... or you will lose data.
>
> Joe L.

 

Ufff... I've performed this and it's all right. Looks like (as you wrote) I didn't log out of the console and stopped the array.

 

Sorry for messing up!

 

 

> PLEASE do not play around with the chmod command until you understand Unix permissions and the chmod bitmask.... otherwise you are asking for a world of pain and agony.

I understand chmod commands, and that's why I mentioned 400 (it means readable for the owner and no one else so it's 'more correct' than 000).

 

> As far as what error you will get on a Windows box, when attempting to delete an unreadable file, only Bill Gates knows for sure.  I am not an expert on how Windows interprets Unix permissions.

But the file is readable. I can play it and I can copy it, but not delete.

 

> SO... as we both said, in unix, directory permissions control the ability to unlink (remove) a file.  However, if you are the root user, you have permission anyway.  If Samba logs in as a different user, you will need to set permissions everywhere according to your needs.

So why did what I wrote work as it worked? Is it eventually proper and can I use that?

 

Here is a LINK to a post that explains how to set up Samba read only shares.  Not sure if it is what bartosz.kiepas wants to do, but may help others trying to accomplish something similar.

 

Note that this and many other insider tips can be found on the Best of the Forums page (see link in my sig).

Archived

This topic is now archived and is closed to further replies.
