Can a user "write" but not "delete"?

tecmm7 · Aug 30, 2016

Hi, Im Matías from Argentina. Im new in FreeNAS, and my problem is with permission in sharing. I want to let my users copy all files in a shared folder (this shared folder is a RAID 5 in my FreeNAS), then they can execute this files and copy back to their pc, but I don't want to let them delete or modify. They going to have a shared unit in their Windows, and FreeFileSync auto-backup their files.
In another OS, for example Ubuntu Server, my shared folder have write permission but my SAMBA create a mask 0555 (read and execute) on the folder files, in that way, they can write but not delete or modify. Can I do this if I have only the CIFS permission? Can I install SAMBA in FreeNAS?

Sorry for my English and thanks.

Nick2253 · Aug 30, 2016

I think I understand what you're saying, but I don't think it can work.

To rephrase, what I think you want is to give users the ability to create new files, but you don't want them to be able to modify those files or delete files. Unfortunately, creating a new file colloquially involves two steps: creating a pointer in the file system, and then setting that points information. The second step is exactly what you do when you modify a file. If you give people the ability to create new files, all they get is the first step. So in order to create new files and populate those files with data, you also have to give them the ability to modify those files.

tecmm7 · Aug 31, 2016

This is I want to do, but this is with ubuntu server and samba4. I put 2 different permissions (or mask) but I don't know how can I do it in FreeNAS.

I made the video. Thanks

tecmm7 · Sep 12, 2016

Ericloewe · Sep 12, 2016

You're doing it wrong. DO NOT USE UNIX PERMISSIONS WITH SMB SHARES.

tecmm7 said:
Can I install SAMBA in FreeNAS?

FreeNAS uses Samba, no way around it.

Edit: Fixed stupid excessive bold text caused by XenForo bug

m0nkey_ · Sep 12, 2016

See the Samba how-to video in my signature.

anodos · Sep 13, 2016

You might be able to achieve this through ACLs using 'advanced permissions' on Windows. I haven't tried it myself and am somewhat skeptical about whether it effectively protects data. Users will be able to 'copy over' files or replace them with zero-length ones. You'd think this is a silly counter-example, but it happens in real life... a lot.

https://wiki.freenas.org/index.php/Methods_For_Fine-Tuning_Samba_Permissions#Access_Permissions

Edit: just realized you don't want them to be able to modify. In this case I don't think what you want is possible through just ACLs.

agartha79 · Aug 25, 2017

What about setting the immutable flag on all files/dirs you want to protect from deletion like this:

Code:

$ chflags schg <file/dir>

There is also the sappnd flag, but I couldn't get that one to work.

anodos · Aug 25, 2017

agartha79 said:
What about setting the immutable flag on all files/dirs you want to protect from deletion like this:

Code:
$ chflags schg <file/dir>

There is also the sappnd flag, but I couldn't get that one to work.

The samba vfs_worm module is probably a better fit.

agartha79 · Aug 26, 2017

anodos said:
The samba vfs_worm module is probably a better fit.

Thanks for mentioning vfs_worm. I'll try that.

Important Announcement for the TrueNAS Community.

Can a user "write" but not "delete"?

tecmm7

Cadet

Nick2253

Wizard

tecmm7

Cadet

tecmm7

Cadet

Ericloewe

Server Wrangler

m0nkey_

MVP

anodos

Sambassador

agartha79

Cadet

anodos

Sambassador

agartha79

Cadet

Similar threads