Initiate

is possible to set user permission as read and write but not delete files and folders Readynas 3312

I want to create a user with read and write permissions, but without permission to delete the required folder or file. Is it possible on the ReadyNAS 3312? If there is no way, how do I raise the request to the organisation? Please let me know.

Thank you.

Model: RR3312| ReadyNAS 12 Bays with up to 120TB total storage
Message 1 of 12
Retired_Member
Not applicable

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

Hi @Manohar, I saw you have already put this in as an idea. Thanks again and kind regards.

Message 2 of 12
Guru

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3


@Manohar wrote:

I want create a user with the permissions as read and write but not delete required folder or file.


To clarify, you want to separate write permission and delete permission.  Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion.  So I am not understanding the use case here very well.

 

If someone has write permission to the parent folder, then they can delete files in that folder.  There's no way around that, it is fundamental to the way linux file permissions work.  So you can prevent deletions, but the consequence is that the user won't be able to create new files in that folder either.  

 

I suggest that you enable snapshots for the share.  Then accidentally deleted files can be recovered.

Message 3 of 12
Retired_Member
Not applicable

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

@StephenB wrote: "Practically speaking, if a user has write permission, then they can also rewrite the file so it has no content - which has a similar effect to deletion. So I am not understanding the use case here very well."

 

Well, the world is not always that simple. Let me try to explain a potential scenario where it matters.

 

Imagine a situation where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaborate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system, for example.

The basic capabilities these people have on objects (and that counts for directories and files) would be: (1) Creating, (2) Reading, (3) Editing (writing) and (4) Deleting. Depending on their roles different people are able to create a specific case, read it, modify it and finally delete it, if necessary. An application of this kind could not be implemented under an operating system, which would not be capable to make a difference between activities (3) and (4). Beyond that, if you want to distinguish between owners and non-owners of an object, it is getting even more complex (for example Author could delete, Editor could only write, but not delete).

In a nutshell: A truly good operating system would give the security admin of an application all possible means to fine-tune the rights users could have to objects, otherwise restricting the OS capabilities in an unnecessary way.

To me @Manohar's suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature. Kind regards

Message 4 of 12
Guru

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3


@Retired_Member wrote:

Imagine a situation where users are not accessing the objects (files and directories) through a simple explorer, but use a (more or less) complex closed user interface, which allows them to collaborate on objects in a certain workflow, where people act in different roles fulfilling their duties in the context of a booking system, for example.

 


In cases like that, maintaining coherency of the work-flow is the job of the application - the booking system, not the file system.  So I don't find that persuasive.

 


@Retired_Member wrote:

To me @Manohar's suggestion makes a lot of sense in a context as described above. Perhaps (s)he has some more information on why (s)he is asking for this feature.


It would be helpful to know why.

 

But the problem is that Linux permissions just don't work that way - especially if you want to prevent the owner of the file from deleting it.  Perhaps Netgear could modify SAMBA to do it, but that of course wouldn't solve the problem for NFS, AFP, or FTP.  Plus they'd have to port their mod every time they want to upgrade SAMBA.  I'm just not seeing a good path to implement something like this.

 

Message 5 of 12
Prodigy

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

Write permissions = full permissions over that file and that includes deletes.

But as @StephenB said, what is the point here? If someone can modify a file they can alter it entirely anyway... What is a delete prevention going to help with?

 

File Access Modes

The permissions of a file are the first line of defense in the security of a Unix system. The basic building blocks of Unix permissions are the read, write, and execute permissions, which have been described below −

Read

Grants the capability to read, i.e., view the contents of the file.

Write

Grants the capability to modify, or remove the content of the file.

Execute

User with execute permissions can run a file as a program.

Former NETGEAR Employee.
Views and opinions are my own.
Message 6 of 12
Prodigy

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

To add... as I posted in your suggestion: You can use the t-bit on the parent folder, as this prevents deletion of files by people who do not own the files.

Former NETGEAR Employee.
Views and opinions are my own.
Message 7 of 12
Retired_Member
Not applicable

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

@Hopchen wrote: "What is a delete prevention going to help with?"

 

It makes it more difficult to remove traces, which could be a desired security feature.

 

@Hopchen wrote: "File Access Modes" and "The basic building blocks of Unix permissions are the read, write, and execute permissions" and "User with execute permissions can run a file as a program."

 

That concept as you are describing it is inconsistent. Let me be specific:

(1) Execute is not a basic file access mode, because you need at least read rights to execute an executable. You cannot execute without reading it.

(2) So, as read is primary we could call execute a secondary access mode or a meta access mode. Users cannot run programs, but they can tell the machine to run a file as a program. Once that is kicked off, the user even might no longer be in control, as the machine might assume (many) different roles (at the same time) during execution. The rights the user had on the file might even be revoked throughout the process. So, to my understanding true basic file access modes are (1) create (2) read (3) write and (4) delete. Just because we accepted your described concept for decades since Linus implemented it in Linux does not make it more consistent. For understanding user activities on files it is practical, but not consistent.

Message 8 of 12
Guru

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3


@Retired_Member wrote:

 

That concept as you are describing it is inconsistent. ... Just because we accepted your described concept for decades since Linus implemented it in Linux does not make it more consistent. ...

 


@Retired_Member:  Our opinions on this really don't matter.  Linux file permissions are what they are - we don't have the ability to change the framework, and neither does Netgear.  They certainly aren't going to switch to a different OS either.

 

I think we need to wind this down, as it can't go anywhere useful here.  If you want to pursue it, then maybe try https://forum.linuxfoundation.org/

Message 9 of 12
Prodigy

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

Pretty much what @StephenB said.

 

@Retired_Member 

But will sticky bit (t-bit) not do it for you? It does exactly what you want right? That is even an option in the GUI (under file access)...

On a side note, your interpretation of how it should work is not considerate of several things. For example, you can't hide execute rights as a subsidiary to read permissions. Yes, it is true that you need to read a file in order to execute it. But that is only because your interpreter needs to have those rights (bash, python, curl, perl, etc.). However, in Linux many binary files can be executed without read permissions. You cannot just bundle the two :)

 

Anyway, Linux works in this way and probably for a reason.

Former NETGEAR Employee.
Views and opinions are my own.
Message 10 of 12
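
Added example, not part of the original thread: a small Python model of the rule discussed above, where deleting a file is a write to its parent directory and the sticky bit (t-bit) narrows that to the file's owner or the directory's owner. The uid/gid numbers and the `report.txt` name are constructed for illustration, and POSIX ACLs and Linux capabilities are deliberately ignored.

```python
import os
import stat
import tempfile

def may_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Classic Unix check for removing an entry from a directory.

    The file's own mode bits are never consulted: deletion is a change to
    the parent directory, so "write but not delete" cannot be expressed.
    """
    if uid == 0:                      # root bypasses the mode bits
        return True
    # Select the single permission triplet that applies to this user.
    if uid == dir_uid:
        w, x = stat.S_IWUSR, stat.S_IXUSR
    elif dir_gid in gids:
        w, x = stat.S_IWGRP, stat.S_IXGRP
    else:
        w, x = stat.S_IWOTH, stat.S_IXOTH
    if not (dir_mode & w and dir_mode & x):
        return False                  # no write+search on the directory
    if dir_mode & stat.S_ISVTX:       # sticky bit set on the directory
        return uid in (file_uid, dir_uid)
    return True

def may_delete_path(path, uid, gids):
    """Apply may_delete() to a real file using the modes stored on disk."""
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    f = os.lstat(path)
    return may_delete(d.st_mode, d.st_uid, d.st_gid, f.st_uid, uid, gids)

def demo():
    """Same file, same non-owner user, with and without the sticky bit."""
    results = {}
    with tempfile.TemporaryDirectory() as share:
        path = os.path.join(share, "report.txt")    # constructed file name
        open(path, "w").close()
        os.chmod(path, 0o444)         # read-only file: does not prevent deletion
        owner = os.stat(path).st_uid
        other = owner + 1000          # constructed uid of a second, non-root user
        os.chmod(share, 0o777)        # world-writable share, no sticky bit
        results["plain"] = may_delete_path(path, other, [])
        os.chmod(share, 0o1777)       # same share with the sticky bit
        results["sticky"] = may_delete_path(path, other, [])
        results["sticky_owner"] = may_delete_path(path, owner, [])
    return results

if __name__ == "__main__":
    print(demo())
```

The last result shows the limit of the workaround: with the sticky bit set, a user can still delete files they own, so this protects only against deletion by other users.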
Retired_Member
Not applicable

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

Hi @Hopchen , thanks for mentioning the "Sticky-bit", which seems to be a great workaround for certain circumstances in the absence of a true delete right. Will explore that a little bit for better understanding. Kind regards

Message 11 of 12
Master

Re: is possible to set user permission as read and write but not delete files and folders Readynas 3

For those who wonder "why", here it is:  To prevent accidental deletions.  In the workplace, one needs to assume that the authorized users will not attempt to sabotage the server.  But accidents happen.  On a share I used to administer at work, a user accidentally dragged one folder into another, causing several automated processes to start failing.  Fortunately, I figured it out and restored the folder to its rightful place.  But had he accidentally deleted it, I would have had to rely on snapshots to restore it, and work performed after the snapshot was taken would have been lost.

 

Windows users often don't pay strict attention to the pop-up warning when deleting files.  And they are spoiled by the Recycle Bin, as they can recover from most oopses.  There being no recycle bin on a ReadyNAS (which there used to be in OS4.x and should optionally still be), there is less oops protection.

Message 12 of 12