dacne Posted August 20, 2010

I'm trying to create our family photo archive. I'd like to set it up as WORM (write once read many), like a CD-R. A user may upload a file onto the server, but may not overwrite or remove it.

Is this possible with the included vsftpd? Is there perhaps a filesystem/driver setting for WORM?

Thanks for any info.
gfjardim Posted August 20, 2010

You can do that using a custom SMB share: telnet to your server, and create a folder under "/mnt/user/":

Ex:

```
mkdir /mnt/user/Photos
```

After that, edit the file "config/smb-extra.conf" on your USB drive:

Ex:

```
[Photos]
path = /mnt/user/Photos
read only = No
# files are created read-only (r--r--r--)
create mask = 0444
# directories stay writable by everyone
directory mask = 0777
map archive = No
map hidden = No
map system = No
browseable = Yes
browsable = Yes
```

How it works:

This will create a "Photos" share on your server that will be browseable and writeable, and every file in the share will be created with read-only permission (create mask = 0444), so you won't be able to move, write or erase it after it is created.

To modify the files, you will need to do it via telnet.
WeeboTech Posted August 20, 2010

Correct me if I'm wrong here, but if directory permissions are 0777, then the directory can be changed so files can be moved or removed.

I think the user share needs to be set to readonly.
Then use a disk share to populate the Photo directory.

There are other features such as `admin users =` which allow certain users read/write while the rest of the users are read only.
gfjardim Posted August 20, 2010

> Correct me if I'm wrong here, but if directory permissions are 0777, then the directory can be changed so files can be moved or removed.
>
> I think the user share needs to be set to readonly.
> Then use a disk share to populate the Photo directory.
>
> There are other features such as `admin users =` which allow certain users read/write while the rest of the users are read only.

You're partially right: all folders can be renamed, empty folders can be deleted, and files can be moved between them, but all files are read-only, so they and non-empty folders can't be erased.

He wants to allow all users to freely populate the share, but not erase/overwrite the pictures. IMO that's the way to do that.
Joe L. Posted August 20, 2010

> > Correct me if I'm wrong here, but if directory permissions are 0777, then the directory can be changed so files can be moved or removed.
> >
> > I think the user share needs to be set to readonly.
> > Then use a disk share to populate the Photo directory.
> >
> > There are other features such as `admin users =` which allow certain users read/write while the rest of the users are read only.
>
> You're partially right: all folders can be renamed, empty folders can be deleted, and files can be moved between them, but all files are read-only, so they and non-empty folders can't be erased.
>
> He wants to allow all users to freely populate the share, but not erase/overwrite the pictures. IMO that's the way to do that.

I'm not sure how it works via samba, but in unix/linux if you have write permission on the directory you can remove any of the files in it, regardless of the file permissions.

There may be some extended file/directory permission bits you can set to prevent that, but 777 sure isn't how to do it.
gfjardim Posted August 20, 2010

I've tested here and the result is the same as I posted before; files are created as 444, and folders 777, you can do anything to folders but not to files, even those files created beneath the "executable" folders.

As I remember, samba doesn't overwrite any file permission, but it treats each file or folder singly, so the parent permissions don't affect its children. Therefore in samba you can have a 777 folder and a 444 child file, and that file maintains its read-only attribute on the share. If you browse that folder in the terminal, you can do anything to it, as the parent folder is universally writable.

Joe, do you have any different approach? I know that attribute 600 on dirs and 400 on files should do the same, but what's your opinion?
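The difference between what the share shows and what the terminal allows, discussed in the posts above, can be checked on the server itself. An added example, not part of any post in this thread: a POSIX shell audit that lists files still carrying a write bit and directories from which group or other may delete or rename entries. The sample tree, file name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. On Unix, unlink and rename are authorised by write
# permission on the parent directory, not by the file's own mode, so a
# 0444 file inside a 0777 directory is not protected at the shell level.

# List regular files that still carry a write bit for anyone.
writable_files() {
    find "$1" -type f \( -perm -0200 -o -perm -0020 -o -perm -0002 \)
}

# List directories writable by group or other without the sticky bit.
# (With the sticky bit, only the file's owner, the directory's owner
# or root may delete or rename an entry.)
open_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000
}

# Print labelled findings; return 0 only when nothing was found.
worm_audit() {
    wf=$(writable_files "$1"); od=$(open_dirs "$1")
    if [ -n "$wf" ]; then echo "$wf" | sed 's/^/writable file: /'; fi
    if [ -n "$od" ]; then echo "$od" | sed 's/^/deletable-from dir: /'; fi
    [ -z "$wf" ] && [ -z "$od" ]
}

# Constructed sample mirroring the thread: 0777 directory, 0444 file.
make_sample() {
    s=$(mktemp -d) || return 1
    mkdir "$s/Photos" || return 1
    : > "$s/Photos/img001.jpg" || return 1
    chmod 0444 "$s/Photos/img001.jpg"
    chmod 0777 "$s/Photos"
    echo "$s"
}

sample=$(make_sample)
worm_audit "$sample" || echo "result: share is not write-once"
rm -rf "$sample"
```

On the sample tree the file passes the check and the `Photos` directory is the finding.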
dacne (Author) Posted August 20, 2010

I'd want to disallow moving files/directories. Too many experiences with accidentally dragging one folder inside another. I'm striving for a structured accumulating archive - once a file/directory is created it stays, like a CD-R.

I'm actually going to have samba shares read only. That leaves ftp for uploads. VSFTPD has an option `cmds_allowed` which apparently allows just the commands specified. I need to come up with a list of commands which will allow file/directory creation but not modification, deletion etc.

Please share any suggestions to achieve this WORM like setup. Thanks!
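For the `cmds_allowed` idea in the post above, an added example (not from the thread or from vsftpd itself): a shell check that reads a vsftpd.conf and reports which allowed FTP commands can change or remove existing data. The two sample configs and their command lists are constructed; STOR has to stay allowed for uploads, and an allow-list cannot limit it to new names, so overwrite protection still depends on file permissions.

```shell
#!/bin/sh
# Added example. Commands that alter or remove existing data:
# DELE/RMD delete, RNFR/RNTO rename or move, APPE appends, REST sets a
# restart offset into an existing file, SITE covers vsftpd's SITE CHMOD.
DESTRUCTIVE="DELE RMD RNFR RNTO APPE REST SITE"

# Echo the destructive commands a vsftpd.conf allows, "none" when the
# allow-list is clean, or ALL when no cmds_allowed line exists.
# Returns 0 only when none is allowed.
ftp_worm_gaps() {
    list=$(sed -n 's/^cmds_allowed=//p' "$1")
    if [ -z "$list" ]; then echo ALL; return 1; fi
    gaps=""
    for c in $(echo "$list" | tr ',' ' ' | tr 'a-z' 'A-Z'); do
        case " $DESTRUCTIVE " in
            *" $c "*) gaps="$gaps $c" ;;
        esac
    done
    g=${gaps# }
    echo "${g:-none}"
    [ -z "$gaps" ]
}

# Constructed sample configs (option=value, no spaces around "=").
weak_conf() {
    f=$(mktemp) || return 1
    printf '%s\n' 'write_enable=YES' \
        'cmds_allowed=PASV,LIST,RETR,STOR,MKD,DELE,RNFR,RNTO,QUIT' > "$f"
    echo "$f"
}
strict_conf() {
    f=$(mktemp) || return 1
    printf '%s\n' 'write_enable=YES' 'chmod_enable=NO' \
        'cmds_allowed=PASV,PORT,TYPE,PWD,CWD,LIST,RETR,STOR,MKD,QUIT' > "$f"
    echo "$f"
}

w=$(weak_conf); s=$(strict_conf)
echo "weak:   $(ftp_worm_gaps "$w")"
echo "strict: $(ftp_worm_gaps "$s")"
rm -f "$w" "$s"
```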
Joe L. Posted August 20, 2010

> I've tested here and the result is the same as I posted before; files are created as 444, and folders 777, you can do anything to folders but not to files, even those files created beneath the "executable" folders.
>
> As I remember, samba doesn't overwrite any file permission, but it treats each file or folder singly, so the parent permissions don't affect its children. Therefore in samba you can have a 777 folder and a 444 child file, and that file maintains its read-only attribute on the share. If you browse that folder in the terminal, you can do anything to it, as the parent folder is universally writable.
>
> Joe, do you have any different approach? I know that attribute 600 on dirs and 400 on files should do the same, but what's your opinion?

I'm happy to learn that SAMBA can give the desired results, even if it can be subverted by someone at the linux command line level.

I do know for certain that the permissions are changing in 5.0. There is in fact a conversion utility script to run when you first move to 5.0.

It does this for each share under /mnt/disk*

```
# remove Group and Other read, write, or execute/search permission
chmod -R go-rwx $share
# Removes execute permission for owner of files and directories
chmod -R u-x $share
# Gives the group the same permissions as the owner.
chmod -R g+u $share
# Set the Execute/search bit for owner and group if a directory.
chmod -R ug+X $share
# Set the group to users. (All files/directories will be in group users)
chgrp -R users $share
# set the owner of the files and directories to owner "nobody"
chown -R nobody $share
```
cassiusdrow Posted August 20, 2010

I found this article: http://www.theopensourcerer.com/2008/04/17/a-shared-drop-box-using-samba/

Perhaps someone with more experience with Unix permissions on unRAID can adapt it.
gfjardim Posted August 20, 2010

Hum, for your needs, WeeboTech's approach is better: you can make another user account in Windows and in unRAID, make all accounts read-only except that one, and when you need to make any changes, you can log on with that account.
Archived
This topic is now archived and is closed to further replies.