[CentOS] Samba Permissions - Sanity check

Les Mikesell lesmikesell at gmail.com
Tue Feb 24 17:52:18 UTC 2009


Tim Nelson wrote:
> 
>>> It may be possible to prevent them from deleting a file, but if
>> they
>>> have write access it wouldn't be possible from effectively deleting
>>> the file by wiping it's contents(truncating it).
>>>
>> However, file creation and deletion are functions of the directory
>> permissions where the file resides.  If a directory allows a user to
>> write to it, they can create and delete files in that directory with
>> reckless abandon.
>>
>> There are probably some intricate ways around this particular
>> problem,
>> but they can get pretty complicated really fast.
>>
> 
> I've been trying to devise a way around this problem and as you mentioned, it gets extremely complicated quickly. It's even more complicated than allowing users to delete files and restoring the file from a backup set. Well, at least I don't feel I'm going insane anymore (for now...).
> 
> Thank you to all who responded.

If you really want a versioning facility where you can commit things to 
a repository in a way that any version ever committed can be recalled, 
look at subversion or similar systems (and use the server setup, don't 
let users have write access through the filesystem).  There are cross 
platform tools for subversion that you can use instead of samba.

If nightly backups are sufficient, look at backuppc 
(http://backuppc.sourceforge.net/).  It makes the restores as simple as 
selecting what you want in a web interface and is very efficient with 
the required on-line disk space.

-- 
   Les Mikesell
     lesmikesell at gmail.com




More information about the CentOS mailing list