prevent other then office files on sahre

[scorpoin]

Greetings,

I have created share for all users and I want my users to save only ms office / libre office files in their shared folder instead of any other file/extension.

Regards

 

[xness]

That's a terrible constraint. One that cannot be enforced properly either – starting with the temporary files Word / Excel generates within the same folder when opening them on the share to no error message existing, informing the user they can only save extension A, B, C. Apart from that – technically it doesn't make any sense either, as it doesn't provide any additional security since any file can also be polyglot: https://github.com/ansemjo/truepolyglot

This is something you have to solve through process, not technical constraint.

Otherwise you're better off creating a small script that runs every minute and deletes all files that do not match extension A, B, C.

 

[anodos]

That's a terrible constraint. One that cannot be enforced properly either – starting with the temporary files Word / Excel generates within the same folder when opening them on the share to no error message existing, informing the user they can only save extension A, B, C. Apart from that – technically it doesn't make any sense either, as it doesn't provide any additional security since any file can also be polyglot: https://github.com/ansemjo/truepolyglot

This is something you have to solve through process, not technical constraint.

Otherwise you're better off creating a small script that runs every minute and deletes all files that do not match extension A, B, C.

Automated deletion is also a dangerous idea. Users can fat-finger file names and end up with the wrong extension (which is just a part of the file name string). In general filtering based on file extension is not a great idea. It's trivially bypassed by users renaming files and can prevent applications from working correctly.

If this is a general "people shouldn't be writing this type of stuff here" issue, then maybe having a script to generate a report of who is misusing the server and take appropriate administrative action via management (this is more of a people issue than a technology issue).

 

[scorpoin]

@anodos agree. let me check what can be done.

 

[HoneyBadger]

(this is more of a people issue than a technology issue).

Agree, but it often helps to reinforce the policy with a light technical hand. Work in layers.

Something like applying the SMB veto files options for heavy space consumers (eg: ISO, MP4, etc) or potential infection vectors (eg: VBS, SCR, EXE) - have it be fairly permissive.

smb.conf

www.freebsd.org

This gives you the technical measure as the "first step" - keep the reporting options on file type, space consumption/quotas as your second level. If someone is deliberately renaming files to bypass it, then you definitely have a "people issue" as mentioned, and it's a lot harder for someone to claim they "didn't know we couldn't store our downloaded movies here" if they had to rename it to Pirated_Movie.mp4.txt