I want create a user with the permissions as read and write but not delete required folder or file. is it possible in ReadyNAS 3312. if there is no way, how to raise the request to organisation. please lte me know. Thank you.

Pretty much what StephenB said. Retired_Member But will sticky bit (t-bit) not do it for you? It does exactly what you want right? That is even an option in the GUI (under file access)... On a side note, your interpritation of how it should work is not considerate of several things. For example, you can't hide executables rights as a subsidary to read permissions. Yes, it is true that you need to read a file in order to excute it. But that is only because your interpreter needs to have those right (bash, python, curl, perl, etc.). However, in Linux many binary files can be executed without read permissions. You cannot just bundle the two :) Anyway, Linux works in this way and probably for a reason.

For those who wonder "why", here it is: To prevent accidental deletions. In the workplace, one needs to assume that the authorized users will not attempt to sabotage the server. But accidents happen. On a share I used to administer at work, a user accidently dragged one folder into another, causing several automated processes to start failing. Fortunately, I figured it out and restored the folder to it's rightful place. But had he accidently deleted it, I would have had to rely on snapshots to restore it, and work performed after the snapshot was taken would have been lost. Windows users often don't pay strict attention to the pop-up warning when deleting files. And they are spoiled by the Recycle Bin, as they can recover from most oopses. There being no recycle bin on a ReadyNAS (which there used to be in OS4.x and should optionally still be), there is less oops protection.

Hi Manohar , I saw you already putting this as an idea. Thanks again and kind regards.

Manohar wrote: I want create a user with the permissions as read and write but not delete required folder or file. To clarify, you want to separate write permission and delete permission. Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion. So I am not understanding the use case here very well. If someone has write permission to the parent folder, then they can delete files in that folder. There's no way around that, it is fundamental to the way linux file permissions work. So you can prevent deletions, but the consequence is that the user won't be able to create new files in that folder either. I suggest that you enable snapshots for the share. Then accidentally deleted files can be recovered.

StephenB wrote: "Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion. So I am not understanding the use case here very well." Well, the world is not always that simple. Let me try to explain a potential scenario where it matters. Imagine a situation, where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaberate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system for example. The basic capabilities these people have on objects (and that counts for directories and files) would be: (1) Creating, (2) Reading, (3) Editing (writing) and (4) Deleting. Depending on their roles different people are able to create a specific case, read it, modify it and finally delete it, if necessary. An application of this kind could not be implemented under an operating system, which would not be capable to make a difference between activities (3) and (4). Beyond that, if you want to distinguish between owners and non-owners of an object, it is getting even more complex (for example Author could delete, Editor could only write, but not delete). In a nutshell: A truely good operating system would give the security admin of an application all possible means to finetune the rights users could have to objects otherwise restricting the os capabilities in an unnecessary way. To me Manohar ,s suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature. Kind regards

is possible to set user permission as read and write but not delete files and folders Readynas 3312

11 Replies

Replies have been turned off for this discussion

Retired_Member
Apr 04, 2019
Hi Manohar , I saw you already putting this as an idea. Thanks again and kind regards.
StephenB
Guru - Experienced User
Apr 04, 2019
Manohar wrote:

I want create a user with the permissions as read and write but not delete required folder or file.

To clarify, you want to separate write permission and delete permission. Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion. So I am not understanding the use case here very well.

If someone has write permission to the parent folder, then they can delete files in that folder. There's no way around that, it is fundamental to the way linux file permissions work. So you can prevent deletions, but the consequence is that the user won't be able to create new files in that folder either.

I suggest that you enable snapshots for the share. Then accidentally deleted files can be recovered.
- Retired_Member
  Apr 04, 2019
  StephenB wrote: "Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion. So I am not understanding the use case here very well."
  
  Well, the world is not always that simple. Let me try to explain a potential scenario where it matters.
  
  Imagine a situation, where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaberate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system for example.
  
  The basic capabilities these people have on objects (and that counts for directories and files) would be: (1) Creating, (2) Reading, (3) Editing (writing) and (4) Deleting. Depending on their roles different people are able to create a specific case, read it, modify it and finally delete it, if necessary. An application of this kind could not be implemented under an operating system, which would not be capable to make a difference between activities (3) and (4). Beyond that, if you want to distinguish between owners and non-owners of an object, it is getting even more complex (for example Author could delete, Editor could only write, but not delete).
  
  In a nutshell: A truely good operating system would give the security admin of an application all possible means to finetune the rights users could have to objects otherwise restricting the os capabilities in an unnecessary way.
  
  To me Manohar ,s suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature. Kind regards
  - StephenB
    Guru - Experienced User
    Apr 04, 2019
    Retired_Member wrote:
    
    Imagine a situation, where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaberate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system for example.
    
    In cases like that, maintaining coherency of the work-flow is the job of the application - the booking system, not the file system. So I don't find that persuasive.
    
    Retired_Member wrote:
    
    To me Manohar ,s suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature.
    
    It would be helpful to know why.
    
    But the problem is that Linux permissions just don't work that way - especially if you want to prevent the owner of the file from deleting it. Perhaps Netgear could modify SAMBA to do it, but that of course wouldn't solve the problem for NFS,AFP, or FTP. Plus they'd have to port their mod every time they want to upgrade SAMBA. I'm just not seeing a good path to implement something like this.

Forum Discussion

is possible to set user permission as read and write but not delete files and folders Readynas 3312

11 Replies

Related Content

allow permission readynas folder torrent

ReadyNAS RN104 permissions issue

Internet Connection with M5 Nighthawk Not possible

ReadyNAS Ultra 2 shared resources and permissions.

ReadyNAS NV+ performance and file permission issues.

NETGEAR Academy

ProSupport for Business