× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Disallow Deleting Shares

mimadremia87
Follower

Disallow Deleting Shares

I have ReadyNAS with RAIDiator 4.1.14

I am planning to link several PCs to it through a third party Backup Client.

 

The ReadyNAS will be accessible through user's AD credentials, therefore they can access their backed up files (which will be hidden anyway) .

The challenge is that I want them to have access as this is required for the Backup application, however I want to prevent anyone of them from deleting his data.

 

How would this be possible?

Message 1 of 4
StephenB
Guru

Re: Disallow Deleting Shares

Since the backup program needs write access, I don't think it is possible.

Message 2 of 4
Sandshark
Sensei

Re: Disallow Deleting Shares

Create a separate service account that the backup runs under and give that "user" NAS write access and the main user read-only.  Then keep the service account password tight to your chest.  This requires that you set up the backup and provide the user name and password at that time.  Most backup software allows this and will not display the password.  Anything using the Windows Task Schedular should be able to do it.

 

Depending on the backup program used, you could change file ownership regularly in the background to something to which the user does not have write access or move them from a temporary to a permanent location with different rights.  This one is less bulletproof to prevent acidents deletion, as it can happen before the background task runs, but can be easier if you have a lot of users and/or computers you can't set the first option up on.  But this would likely thwart the backup software's self housecleaning activities, so you'd need to have something take care of that, too.

Message 3 of 4
StephenB
Guru

Re: Disallow Deleting Shares


@Sandshark wrote:

Create a separate service account that the backup runs under and give that "user" NAS write access


If the windows system is using a separate account for backup, with its own NAS credentials, then it would be possible.

 

 

If the backup program supports rsync, then you could similarly lock down cifs to read-only but allow rsync full access.

 

What won't work is application-specific permissions using the same credentials and the same protocol.

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 1537 views
  • 0 kudos
  • 3 in conversation
Announcements