NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
merlinux16
Nov 21, 2016Aspirant
ReadyNAS102 - protection of truecrypt-file against delete
All my data on RN102 are saved in one truecrypt-file -"truecrypt_dad"- created on a laptop (OS Debian 8). This means that the RN102 manages only one file -"truecrypt_dad"-. With the below described ...
merlinux16
Nov 21, 2016Aspirant
Thank you for your reply.
Both users "dad" and "mom" shall access to the file "truecrypt_dad". Only the user "dad" shall have the permission to delete "truecrypt_dad".
The question is: why is the user "mom" allowed to delete the "truecrypt_dad" if there are no permissions to rename it and move it into trash? Why is "DELETE" still active? I cannot understand this behavior.
If "DELETE" would not be active than everything would be fine for me.
StephenB
Nov 21, 2016Guru - Experienced User
merlinux16 wrote:
Why is "DELETE" still active? I cannot understand this behavior.
Linux doesn't have a separate "delete" permission. Deleting a file is done by modifying the folder the file is in. If you give someone write permission to that folder, then you are giving them permission to delete the files in it.
You are allowing mom the ability to write to /data/dad (since anyone in the parents group has that permission).
- merlinux16Nov 22, 2016AspirantThank you for your reply. I modified the permission structure of folder "dad" as suggested by you and eliminated the write permission for group parents. Now /data/dad has "drwxr-x--T+" instead of "drwxrwx--T+". Owner and group are "dad" and "parents" as before. Unfortunately the user "mom" has still the possibility to delete all files! The only change is that (obviously) no new files can be created by "mom". The only possibility to avoid that the group "parents" delete something in /data/dad is to set "read only" in the window "network access" of share "dad" on the NAS-web-administration-surface. But in this way the user "mom" cannot work anymore with file "truecrypt_dad". I have the impression that the settings in "network access" of each NAS share have the right of way compared to the standard Linux permissions. According my understanding the NAS-system is given write permissions to the group parent in the folder "dad", even if the permissions structure is modified into "drwxr-x--T+". Do you see any possibility to solve my question? Thank you in advance for your support.
- StephenBNov 22, 2016Guru - Experienced User
You should be able to make the share read-only for mom (or perhaps "everyone") and read/write for dad via the network settings for the share. That should block mom's ability to delete the file. It should also prevent mom from writing to the file.
- merlinux16Nov 23, 2016Aspirant
I'm able to make the share read-only for mom and read write for dad via the network settings for the share. This is not the problem. But I want that mom can write but cannot delete. This is a typical requirement for workgroups and not only an idea of mine. In a normal Linux system this is made with the sticky bit. If the stick bit is set on a directory, than only the owner can delete the files inside, even if the group has write permissions.
The NAS system has set automatically the sticky bit to /data/dad, this is the "T" in the permissions "drwxrwx--T+". But it works only partly, because as described in the first post, the user mom can write but cannot rename and cannot move the file into trash. I wrote also that the user mom get an error message by attempting to rename and to delete, even if mom has read write permissions via the network settings for the share. It means that the sticky bit is working, but not completely. For a reason which is not clear to me in the same error message the button delete is active and mom can delete. The sticky bit works only partly and I don't understand why. Only the network settings for the share have an influence on button delete. On the NAS is only network SMB activated. Is it samba? Do the network settings change the samba-permissions? Is it possible to activate the sticky bit via samba-permissions?
Thanks again for your support
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!