Manohar
Apr 04, 2019, Initiate
Is it possible to set user permissions as read and write but not delete for files and folders on ReadyNAS 3312?
I want to create a user with the permissions as read and write but not delete on the required folder or file. Is it possible in ReadyNAS 3312? If there is no way, how to raise the request to the organisation. plea...
Retired_Member
Apr 04, 2019
StephenB wrote: "Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion. So I am not understanding the use case here very well."
Well, the world is not always that simple. Let me try to explain a potential scenario where it matters.
Imagine a situation, where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaborate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system for example.
The basic capabilities these people have on objects (and that counts for directories and files) would be: (1) Creating, (2) Reading, (3) Editing (writing) and (4) Deleting. Depending on their roles different people are able to create a specific case, read it, modify it and finally delete it, if necessary. An application of this kind could not be implemented under an operating system, which would not be capable to make a difference between activities (3) and (4). Beyond that, if you want to distinguish between owners and non-owners of an object, it is getting even more complex (for example Author could delete, Editor could only write, but not delete).
In a nutshell: A truly good operating system would give the security admin of an application all possible means to fine-tune the rights users could have to objects otherwise restricting the OS capabilities in an unnecessary way.
To me Manohar's suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature. Kind regards
StephenB
Apr 04, 2019, Guru - Experienced User
Retired_Member wrote:
Imagine a situation, where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaborate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system for example.
In cases like that, maintaining coherency of the work-flow is the job of the application - the booking system, not the file system. So I don't find that persuasive.
Retired_Member wrote:
To me Manohar's suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature.
It would be helpful to know why.
But the problem is that Linux permissions just don't work that way - especially if you want to prevent the owner of the file from deleting it. Perhaps Netgear could modify SAMBA to do it, but that of course wouldn't solve the problem for NFS, AFP, or FTP. Plus they'd have to port their mod every time they want to upgrade SAMBA. I'm just not seeing a good path to implement something like this.
- Hopchen, Apr 04, 2019, Prodigy
Write permissions = full permissions over that file and that includes deletes.
But as StephenB said, what is the point here? If someone can modify a file they can alter it entirely anyway... What is a delete prevention going to help with?
File Access Modes
The permissions of a file are the first line of defense in the security of a Unix system. The basic building blocks of Unix permissions are the read, write, and execute permissions, which have been described below −
Read
Grants the capability to read, i.e., view the contents of the file.
Write
Grants the capability to modify, or remove the content of the file.
Execute
User with execute permissions can run a file as a program.
- Hopchen, Apr 04, 2019, Prodigy
To add... as I posted in your suggestion: You can use the t-bit on the parent folder as this prevents deletion of files by people who do not own the files.
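The rule behind the t-bit suggestion above, as an added example that is not part of the original posts: a Python model of the mode-bit checks Linux applies to deleting and to emptying a file, evaluated against a temporary directory. The file name, the second uid and the helper names are assumptions, and ACLs and root capabilities are ignored.

```python
import os
import stat
import tempfile

def _class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids for this inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_truncate(path, uid, gids=()):
    """Emptying a file only needs write permission on the file itself."""
    return bool(_class_bits(os.stat(path), uid, gids) & 2)

def can_unlink(path, uid, gids=()):
    """Deleting is a change to the parent directory, not to the file."""
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    target = os.lstat(path)
    # Need write (2) and search (1) on the directory holding the entry.
    if (_class_bits(parent, uid, gids) & 3) != 3:
        return False
    # Sticky bit: only the file's owner or the directory's owner may remove it.
    if parent.st_mode & stat.S_ISVTX:
        return uid in (target.st_uid, parent.st_uid)
    return True

def demo():
    """Build a constructed share and evaluate a non-owner against it."""
    share = tempfile.mkdtemp()
    path = os.path.join(share, "booking.txt")  # constructed sample file
    with open(path, "w") as fh:
        fh.write("constructed sample record\n")
    os.chmod(path, 0o666)
    owner = os.stat(path).st_uid
    other = owner + 1000  # hypothetical second user, never the owner
    results = {}
    for label, mode in (("plain", 0o777), ("sticky", 0o1777)):
        os.chmod(share, mode)
        results[label] = {
            "owner_unlink": can_unlink(path, owner),
            "other_unlink": can_unlink(path, other),
            "other_truncate": can_truncate(path, other),
        }
    os.remove(path)
    os.rmdir(share)
    return results
if __name__ == "__main__": print(demo())
```

With the sticky bit set, the non-owner loses the ability to unlink but can still truncate the file, which is the limitation raised earlier in the thread.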
- Retired_Member, Apr 05, 2019
Hopchen wrote: "What is a delete prevention going to help with?"
It makes it more difficult to remove traces, which could be a desired security feature.
Hopchen wrote: "File Access Modes" and "The basic building blocks of Unix permissions are the read, write, and execute permissions" and "User with execute permissions can run a file as a program."
That concept as you are describing it is inconsistent. Let me be specific:
(1) Execute is not a basic file access mode, because you need at least read rights to execute an executable. You cannot execute without reading it.
(2) So, as read is primary we could call execute a secondary access mode or a meta access mode. Users cannot run programs, but they can tell the machine to run a file as a program. Once that is kicked off, the user even might no longer be in control, as the machine might assume (many) different roles (at the same time) during execution. The rights the user had on the file might even be revoked throughout the process. So, to my understanding true basic file access modes are (1) create (2) read (3) write and (4) delete. Just because we accepted your described concept for decades since Linus implemented it in Linux does not make it more consistent. For understanding user activities on files it is practical, but not consistent.
- StephenB, Apr 05, 2019, Guru - Experienced User
Retired_Member wrote:
That concept as you are describing it is inconsistent. ... Just because we accepted your described concept for decades since Linus implemented it in Linux does not make it more consistent. ...
Retired_Member: Our opinions on this really don't matter. Linux file permissions are what they are - we don't have the ability to change the framework, and neither does Netgear. They certainly aren't going to switch to a different OS either.
I think we need to wind this down, as it can't go anywhere useful here. If you want to pursue it, then maybe try https://forum.linuxfoundation.org/