Re: Disallow Deleting Shares
Disallow Deleting Shares
I have a ReadyNAS with RAIDiator 4.1.14.
I am planning to link several PCs to it through a third-party backup client.
The ReadyNAS will be accessible through users' AD credentials, therefore they can access their backed-up files (which will be hidden anyway).
The challenge is that I want them to have access, as this is required for the backup application; however, I want to prevent any one of them from deleting his data.
How would this be possible?
Re: Disallow Deleting Shares
Since the backup program needs write access, I don't think it is possible.
Re: Disallow Deleting Shares
Create a separate service account that the backup runs under and give that "user" NAS write access and the main user read-only. Then keep the service account password tight to your chest. This requires that you set up the backup and provide the user name and password at that time. Most backup software allows this and will not display the password. Anything using the Windows Task Scheduler should be able to do it.
Depending on the backup program used, you could change file ownership regularly in the background to something to which the user does not have write access, or move them from a temporary to a permanent location with different rights. This one is less bulletproof at preventing accidental deletion, as it can happen before the background task runs, but can be easier if you have a lot of users and/or computers you can't set the first option up on. But this would likely thwart the backup software's self-housecleaning activities, so you'd need to have something take care of that, too.
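The second option above (sweeping finished backups from the writable location into one with different rights), sketched as an added example that is not part of the original post. The directory names, the `seal_backups` function and the owner account are hypothetical, and it assumes the archive directory sits on a share exported read-only to users, since delete rights follow the directory and share rather than the file's mode.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and names are hypothetical.
# INCOMING: directory on the share the user's credentials can write to.
# ARCHIVE:  directory on a share exported read-only to that user.

# seal_backups INCOMING ARCHIVE MIN_AGE_MINUTES [OWNER]
# Moves files untouched for MIN_AGE_MINUTES into ARCHIVE and prints the count.
seal_backups() {
    incoming=${1%/}; archive=${2%/}; min_age=$3; owner=${4:-}
    [ -d "$incoming" ] && [ -d "$archive" ] || { echo "missing directory" >&2; return 2; }
    list=$(mktemp) || return 2
    moved=0
    # -mmin +N skips files modified in the last N minutes, so a backup that
    # is still being written stays where the backup client expects it.
    find "$incoming" -type f -mmin +"$min_age" > "$list"
    while IFS= read -r src; do
        dest=$archive/${src#"$incoming"/}
        # Never overwrite an archived copy: a user could otherwise replace
        # good data by dropping a same-named file into INCOMING.
        if [ -e "$dest" ]; then
            echo "skipped (already archived): $src" >&2
            continue
        fi
        mkdir -p "$(dirname "$dest")"
        mv "$src" "$dest" || continue
        # Hand the file to an account the user does not control, when asked
        # (needs root), then drop every write bit.
        if [ -n "$owner" ]; then chown "$owner" "$dest"; fi
        chmod a-w "$dest"
        moved=$((moved + 1))
    done < "$list"
    rm -f "$list"
    echo "$moved"
}

# Scheduled use (placeholders): seal_backups /path/to/incoming /path/to/archive 30 backupsvc
if [ "$#" -ge 3 ]; then seal_backups "$@"; fi
```

Files remain deletable in the incoming directory until the sweep runs, which is the window the post describes.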
Re: Disallow Deleting Shares
@Sandshark wrote:
Create a separate service account that the backup runs under and give that "user" NAS write access
If the Windows system is using a separate account for backup, with its own NAS credentials, then it would be possible.
If the backup program supports rsync, then you could similarly lock down CIFS to read-only but allow rsync full access.
What won't work is application-specific permissions using the same credentials and the same protocol.