[CentOS] Samba Permissions - Sanity check

Thu Feb 19 22:02:03 UTC 2009
Scott Silva <ssilva at sgvwater.com>

on 2-19-2009 1:53 PM Tim Nelson spake the following:
> ----- "Scott Silva" <ssilva at sgvwater.com> wrote:
>> on 2-19-2009 1:31 PM Tim Nelson spake the following:
>>> ----- "MHR" <mhullrich at gmail.com> wrote:
>>>> On Thu, Feb 19, 2009 at 12:15 PM, nate
>> <centos-T6AQWPvKiI1cRAk/VAjCeQ at public.gmane.org>
>>>> wrote:
>>>>> Tim Nelson wrote:
>>>>>
>>>>>> I've been around and around on this topic and I'm just hoping
>>>> someone can
>>>>>> give me a little sanity by confirming 'yay or nay' whether this
>> is
>>>> possible
>>>>>> or not.
>>>>> It may be possible to prevent them from deleting a file, but if
>>>> they
>>>>> have write access it wouldn't be possible from effectively
>> deleting
>>>>> the file by wiping it's contents(truncating it).
>>>>>
>>>> However, file creation and deletion are functions of the directory
>>>> permissions where the file resides.  If a directory allows a user
>> to
>>>> write to it, they can create and delete files in that directory
>> with
>>>> reckless abandon.
>>>>
>>>> There are probably some intricate ways around this particular
>>>> problem,
>>>> but they can get pretty complicated really fast.
>>>>
>>>> HTH.
>>>>
>>>> mhr
>>> I've been trying to devise a way around this problem and as you
>> mentioned, it gets extremely complicated quickly. It's even more
>> complicated than allowing users to delete files and restoring the file
>> from a backup set. Well, at least I don't feel I'm going insane
>> anymore (for now...).
>>> Thank you to all who responded.
>>>
>>> --Tim
>> I have enabled the recycle bin vfs object on my systems. That way a
>> user has
>> to really try and delete a file to make it go away. Like windows, they
>> would
>> have to delete it, go look in the recycle bin (that you can hide) and
>> delete
>> it again.
>> It has saved me many hours of recovering stuff.
> 
> Ooooooo! This may indeed be a partial solution. 'Administrators' could have access to the Recycle Bin to restore deleted items where 'users' would not have access. Interesting...
> 
> --Tim
And you can also set it to keep versions of deleted files.
Pretty cool!
But beware of most of the docs on the internet that mention creating a
"recycle.conf" file. That option has been broken for some time, and you need
to put all the definitions into smb.conf directly.

Check the last post on this page for the syntax;

http://ubuntuforums.org/showthread.php?t=155763&page=2



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20090219/095e6b15/attachment-0005.sig>