sspats
preserve directory structure
Hi !
I've got a Linux file server that is used from Windows (via Samba) and Linux (via NFS).
Users have a common shared storage space under /home/sambashares
From time to time problems arise when some user unintentionally moves some folder to his home dir or some other place (mainly when dragging and dropping files via Nautilus and Windows Explorer)
What I want is to restrict users from moving/deleting directories under /home/sambashares, while still giving access to write in those directories.
All users' primary group is users
Directory permissions are
drwxrws-w- 15 username users 4096 mar 3 20:31 somedir
umask for all users 002
I doubt this can be done with standard Linux rwx me:group:others permissions
maybe a script that pretends that those directories are "in use" ..
(although it is quite a big structure: 10 directories in total, with 10 dirs in each, with 10-30 dirs in each, with 10 dirs in each ..)
I'm almost sure that someone else has struggled with this
There may be a solution but I'm not aware of one. If the users have write access then they have delete access. If the directories are "in use" I would doubt whether you could write to them.
> restrict users from moving/deleting directories under /home/sambashares, still giving access to write in those directories.
chown root:<common user group> /path-to-dir
chmod 775 /path-to-dir
Then users belonging to that group can create/write files under that directory, but users cannot remove/delete that directory.
Wesly
ASKER
.. today I've noticed that one sub-directory, in which one file was opened by another user, was not moved. So - if there is an opened file in a directory - it does not get moved, nor deleted, right
.. that brings me to the idea of creating a .directory_lock file in each directory and opening it with vi (or how else do I make it appear in use). What would the script look like?
I just want to see the face of the admin that comes after me and will try to understand why there are 100+ files opened in vi all the time .. :)
Or any more elegant solutions? .. like another filesystem that supports features like this? .. or does SELinux have features like this (although it's sooo sophisticated), I just heard something about ACLs, still not sure if it's something useful for this problem. Or a simpler solution? ..
> if there is an opened file in directory - it does not get moved, nor deleted, right
Opened from Windows, yes. Opened from Linux, maybe not; vi won't do the trick.
If the directory is owned by root (mapped to administrator in Windows), then only root can remove the directory, no one else can remove the directory.
find /home/sambashares -type d -exec chown root:<group name> {} \; -exec chmod 775 {} \;
ASKER
Wesly :
> chown root:<common user group> /path-to-dir
> chmod 775 /path-to-dir
I think in that case
1. users of <common user group> still can move/delete that directory (rwx) (bad)
2. all other users can read files in that directory (bad)
> find /home/sambashares -type d -exec chown root:<group name> {} \; -exec chmod 775 {} \;
By the way, "-type d" means that it only searches directories, not files. So chmod 775 only applies to directories.
ASKER
wesly_chen: My apologies - I didn't try this as I thought I understood the Linux file permissions. But it really works! Can't believe that it's so simple. Exactly in the way I need it! Thank you!
ASKER
.. well, seems I haven't tested it enough again :) .
You cannot delete a directory with 775 permissions belonging to root:users as a user only if the parent directory is read-only for you! :(
ASKER
Just for the record:
Unintentionally I discovered that the "sticky bit" does the trick:
so the command would be
find /home/sambashares -maxdepth X -type d -exec chown root:users {} \; -exec chmod XXX {} \; -exec chmod +t {} \;
Sspats, you are good. You found your own solution.
The "sticky" bit on a dir allows only the owner to remove the files/dirs under that directory.
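Added example, not part of the original thread: a report-then-fix pair for the behaviour the asker ran into, where a 775 root:users directory could still be moved because its parent was group-writable. The function names and the demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Renaming or removing a directory is decided by the PARENT directory's mode:
# any user who can write to the parent may move its entries, unless the
# parent has the sticky bit, in which case only the entry's owner, the
# parent's owner, or root may do so.

# audit_movable ROOT
# Print every subdirectory whose parent is group- or other-writable and has
# no sticky bit, i.e. directories a group member could drag away.
audit_movable() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 \
        -exec find {} -mindepth 1 -maxdepth 1 -type d \; | sort
}

# protect_tree ROOT
# Add the sticky bit to every group- or other-writable directory under ROOT.
# Users keep write access inside; entries they do not own stay in place.
# The thread's chown root:users (needs root, so not run here) covers the
# remaining case of a user owning a shared directory.
protect_tree() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) -exec chmod +t {} +
}

# make_demo_tree: build a constructed sample layout and print its root.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/share/projects/alpha" "$demo/share/projects/beta" \
             "$demo/share/archive"
    chmod 775 "$demo/share" "$demo/share/projects"
    chmod 755 "$demo/share/archive" "$demo/share/projects/alpha" \
              "$demo/share/projects/beta"
    echo "$demo/share"
}

# Usage: sh audit.sh /home/sambashares   (report only, changes nothing)
if [ -n "${1:-}" ]; then
    audit_movable "$1"
fi
```

Run the audit again after protect_tree; an empty report means no shared parent is left without the sticky bit.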