NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

merlinux16's avatar
merlinux16
Aspirant
Nov 21, 2016

ReadyNAS102 - protection of truecrypt-file against delete

All my data on RN102 are saved in one truecrypt-file -"truecrypt_dad"- created on a laptop (OS Debian 8). This means that the RN102 manages only one file -"truecrypt_dad"-.

With the below described permission structure both users "dad" and "mom" can read and write the file "truecrypt_dad" from the laptop (OS Debian 8).

I want to protect the file "truecrypt_dad" against delete from user "mom", but I cannot find a solution.

MY PROBLEM: The user "mom", by attempting to delete "truecrypt_dad" does receive an errore message - "permission denied - you have not sufficient permissions to move the file into the trash" (free translated from german) - which is OK for me. But on the same window the button "DELETE" is still active and the user "mom" can delete the file!. To complete the confusion the user "mom" cannot rename the file due to insufficient permissions, which is also OK for me.

On one side the user "mom" cannot rename (OK for me) and cannot move into trash (OK for me), but on the other side can delete (not OK for me) the file.

I want to protect the file "truecrypt_dad" against delete from user "mom". There is a solution and an explanation for the strange behaviour mentioned above?

Thank you.

 

Technical data

Laptop description: OS Debain 8

extract from /etc/fstab of user "dad"

#nas

//IP/dad/ /media/dad cifs users,noauto,username=dad,passwd=dad 0 0

 

extract from /etc/fstab of user "mom"

#nas

//IP/dad/ /media/dad cifs users,noauto,username=mom,passwd=mom 0 0

 

NAS description: ReadyNAS102, Firmware 6.6.0, 2x 2TB

Configuration after factory reset:

SSH: activated

USERS/GROUPS

User     Group    comment

admin    admin    default user

dad        parents

mom      parents

 

SHARES

file/directory                    owner  group    permissions   comment

/data                                 root   root     drwxr-xr-x    default share; default permissions

 

/data/dad                          dad    parents  drwxrwx--T+   ACLs and Sticky-bit created by RN102; ALSs: rwx for admin

/data/dad/truecrypt_dad  dad    parents  -rwxrwx---+   file created with tuecrypt on laptop

7 Replies

  • StephenB's avatar
    StephenB
    Guru - Experienced User

    Try changing the permissions on the dad directory so that the group doesn't have write permission.

    • merlinux16's avatar
      merlinux16
      Aspirant

      Thank you for your reply.

       

      Both users "dad" and "mom" shall access to the file "truecrypt_dad". Only the user "dad" shall have the permission to delete "truecrypt_dad".

       

      The question is: why is the user "mom" allowed to delete the "truecrypt_dad" if there are no permissions to rename it and move it into trash? Why is "DELETE" still active? I cannot understand this behavior.

       

      If "DELETE" would not be active than everything would be fine for me.

       

       

      • StephenB's avatar
        StephenB
        Guru - Experienced User

        merlinux16 wrote:

        Why is "DELETE" still active? I cannot understand this behavior.

          


        Linux doesn't have a separate "delete" permission. Deleting a file is done by modifying the folder the file is in.  If you give someone write permission to that folder, then you are giving them permission to delete the files in it.

         

        You are allowing mom the ability to write to /data/dad (since anyone in the parents group has that permission).

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More