Drop Folder (Is it possible)

Question

We have a need to be able to write to a folder on the NAS but to to be able to access it again from the same computer (or any computer except the admin account). Is there a way to able to write to a folder and then lock the file down so that it cannot be changed? I believe that is called a drop folder. We have an analitical instrument that I need to save the original data to a file that cannot be accessed (changed) so that the the original data is secured from changes.

Thanks,

Dan

Sandshark · Answer

ReadyNAS does not have a built-in way to allow a user to create a file and then not be able to change it later. You could come close by creating a task that runs on the NAS or a computer on the network with an account that has special permissions that moves the file from where you dropped it and you have write permission to a location where normal users have only read permission. Just changing the file permissions usually isn't enough to prevent a user with write access to the folder from changing those permissions, though I've not tried it. It's enough to prevent unintentional changes, because it takes extra steps, but not deliberate ones.

I've not tried disabling admin's file permissions so that root would be the only one who could change or delete them. But if you know admin's password, you know root's, so I don't really see the point unless you routinely use admin credentials for file operations (which is a bad idea in an environment where you need what you are asking for).

dtt0116 · Answer

Thanks, that's what I thought.&nbsp; I am just trying to come up with a workaround so we don't have to go out and buy a new $75,000 machine to replace one that is only 5 years old.&nbsp; The machine programming does not have a way not to name a file the same thing, and the manufacturer says that the new software wont work (designed not to IMO) with the old hardware. &nbsp; Sooo... If I set up a backup job and protect the folder that it is backed up to, that would sort of accomplish what I am after, correct?&nbsp; For a new question, is there a setting (I don't recal seeing one) to set up a backup on a file write/change?I uderstand about the permissions.&nbsp; It has me going in circles trying to get some sort protection with our current set-up.&nbsp;&nbsp;

StephenB · Answer

dtt0116&nbsp;wrote:
&nbsp; Sooo... If I set up a backup job and protect the folder that it is backed up to, that would sort of accomplish what I am after, correct?&nbsp;

I think this depends on your goal.&nbsp; For example, if this is linked to a legal requirement, then it might not.&nbsp; &nbsp; Another aspect is whether you are trying to protect the file(s) from modification, from deletion, or both.
&nbsp;
But if your goal is simply to archive the file(s), then you can create a second share that is read-only, and use a backup job to back up the file(s) to that share.&nbsp; The NAS admin would still be able to modify or delete the file(s) - either through the admin web ui, or by mounting the entire data volume on a PC using the NAS admin credentials.&nbsp; Or through the use of SSH of course.
&nbsp;
Another approach is to add a second device into the mix, and have that device back up the file(s) on a schedule.&nbsp; The NAS admin wouldn't need write access to that second device, so you'd have the ability to recover the originals if the copy on the RN212 was modified.

Sandshark · Answer

A lot also depends on whether you are worried about accidents or malice.&nbsp; It's a lot harder to protect against malice.&nbsp;At my job, a user unintentionally dragged a critical folder into another, and backup jobs on all the test equipment started failing.&nbsp; There is no "are you sure" prompt for that, as there is with deletion, at least when the user has read/write privileges, so it's easy to do.&nbsp; Fortunately, I figured out what happened before we went through the process of restoring from backup or snapshot.&nbsp; A system like you want could have prevented that.&nbsp; I could have made the folder read-only to most users to help prevent it, since the data mostly comes from automated backups on the test equipment, but he had privileges&nbsp;in the parent folder and could have changed those permissions if he was doing that intentionally.&nbsp; I have to trust that everyone to whom I give rights to the share is not going to attack it with malice.

dtt0116 · Answer

The goal here is to protect the original data from being overwritten/modified, or deleated.&nbsp; The FDA wants access to unaltered data from everything we run from now on.&nbsp; The more I think about it, the more I am convinced that I need to move files and rename them with a time stamp somehow and then lock them away into a folder only I can access (I am the only one with admin credentials).&nbsp; The software will overwrite the files if they are named the same and there is no warning from it that you are about to do so.&nbsp; The files are in a format I cannot open so I cannot change them.&nbsp; Just trying to show the feds that our data is secure without breaking the bank.&nbsp; Also, I am not really an IT guy, but I am the best we have around here (the last programming I have done was on a C64 in BASIC).&nbsp; This also just needs to happen without our lab techs thinking about it and be something I can maintain while I do my other jobs around here.

Forum Discussion

Drop Folder (Is it possible)

9 Replies

Related Content

Possible Fix for iPhone Dropping WiFi

MR60/MS60 Session drop (Verbindung)

Pb avec Home folder

RBR850 Dropping Internet Connectivity

Encryption of shared folders for users (?) - is this possible?

NETGEAR Academy

ProSupport for Business