Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Write Once Read Many (WORM) file archive

Featured Replies

I'm trying to create our family foto archive. I'd like to set it up as WORM (write once read many), like a CD-R. A user may upload a file onto the server, but may not overwrite or remove it. Is this possible with the included vsftpd? Is there perhaps a filesystem/driver setting for WORM? Thanks for any info.

You can do that using a custom SMB share:

 

telnet your server, and create a folder under "/mnt/user/" :

 

Ex: mkdir /mnt/user/Photos

 

After that, edit the file "config/smb-extra.conf" at your usb drive:

 

Ex:

 

[Photos]

path = /mnt/user/Photos

read only = No

create mask = 0444

directory mask = 0777

map archive = No

map hidden = No

map system = No

browseable = Yes

browsable = Yes

 

How it work:

 

This will create a "Photos" share on your server, that will be browseable and writeable, and every file in the share will be created with read-only permission (create mask = 0444), so you won't be able to move, write or erase it after created. To modify the files, you will need to do it via telnet.

Correct me if I'm wrong here, but if directory permissions are 0777, then the directory can be changed so files can be moved or removed.

 

I think the user share needs to be set to readonly

Then use a disk share to populate the Photo directory.

 

There are other features such as admin users =

which allow certain users read/write while the rest of the users are read only.

Correct me if I'm wrong here, but if directory permissions are 0777, then the directory can be changed so files can be moved or removed.

 

I think the user share needs to be set to readonly

Then use a disk share to populate the Photo directory.

 

There are other features such as admin users =

which allow certain users read/write while the rest of the users are read only.

 

You're partially right, all folders can be renamed, empty folders can be deleted, and files can be moved between them, but all files are read-only, so them and non empty folders can't be erased.

 

He wants to allow all users to freely populate the share, but not erase/overwrite the pictures. IMO that's the way to to that.

Correct me if I'm wrong here, but if directory permissions are 0777, then the directory can be changed so files can be moved or removed.

 

I think the user share needs to be set to readonly

Then use a disk share to populate the Photo directory.

 

There are other features such as admin users =

which allow certain users read/write while the rest of the users are read only.

 

You're partially right, all folders can be renamed, empty folders can be deleted, and files can be moved between them, but all files are read-only, so them and non empty folders can't be erased.

 

He wants to allow all users to freely populate the share, but not erase/overwrite the pictures. IMO that's the way to to that.

I'm not sure how it works via samba, but in unix/linux if you have write permission on the directory you can remove any of the files in it, regardless of the file permissions.

 

There may be some extended file/directory permission bits you can set to prevent that, but 777 sure isn't how to do it.

I've tested here and the result is the same I posted before; files are created as 444, and folders 777, you can do anything to folders but not to files, even those files created beneath the "executable" folders. As I remember samba doesn't overwrites any file permission, but it treat each file or folder singly, so the parent permissions doesn't affect its children. Therefore in samba you can have a 777 folder and a 444 child file, and that file maintain its read-only attribute on the share. If you browse that folder in the terminal, you can do anything to it, as the parent folder is universally writable.

 

Joe, do you have any different approach? I know that attribute 600 on dirs and 400 on files should do the same, but what's your opinion?

  • Author

I'd want to disallow moving files/directories. Too many experiences with accidentally dragging one folder inside another. I'm striving for a structured accumulating archive - once a file/directory is created it stays, like a CD-R. I'm actually going to have samba shares read only. That leaves ftp for uploads. VSFTPD has an option cmds_allowed which apparently allows just the commands specified. I need to come up with a list of commands wich will allow file/directory creation but not modification, deletion etc. Please share any suggestions to achieve this WORM like setup. Thanks!

I've tested here and the result is the same I posted before; files are created as 444, and folders 777, you can do anything to folders but not to files, even those files created beneath the "executable" folders. As I remember samba doesn't overwrites any file permission, but it treat each file or folder singly, so the parent permissions doesn't affect its children. Therefore in samba you can have a 777 folder and a 444 child file, and that file maintain its read-only attribute on the share. If you browse that folder in the terminal, you can do anything to it, as the parent folder is universally writable.

 

Joe, do you have any different approach? I know that attribute 600 on dirs and 400 on files should do the same, but what's your opinion?

I'm happy to learn that SAMBA can give the desired results, even if it can be subverted by someone at the linux command line level.

 

I do know for certain that the permissions are changing in 5.0.  There is in fact a conversion utility script to run when you first move to 5.0.

 

It does this for each share under /mnt/disk*

 

# remove Group and Other read, write, or execute/search permission

chmod -R go-rwx $share

 

# Removes execute permission for owner of files and directories

chmod -R u-x $share

 

# Gives the group the same permissions as the owner.

chmod -R g+u $share

 

# Set the Execute/search bit for owner and group if a directory.

chmod -R ug+X $share

 

# Set the group to users.  (All files/directories will be in group users)

chgrp -R users $share

 

# set the owner of the files and directories to owner "nobody" 

chown -R nobody $share

 

Hum, for your needs, WeeboTech approach is better, you can make another user account in Windows and in unRAID, make all accounts read-only except that, and when you need to make any changes, you can logon at that account.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.