NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS102 - protection of truecrypt-file against delete
All my data on RN102 are saved in one truecrypt-file -"truecrypt_dad"- created on a laptop (OS Debian 8). This means that the RN102 manages only one file -"truecrypt_dad"-.
With the below described permission structure both users "dad" and "mom" can read and write the file "truecrypt_dad" from the laptop (OS Debian 8).
I want to protect the file "truecrypt_dad" against delete from user "mom", but I cannot find a solution.
MY PROBLEM: The user "mom", by attempting to delete "truecrypt_dad" does receive an errore message - "permission denied - you have not sufficient permissions to move the file into the trash" (free translated from german) - which is OK for me. But on the same window the button "DELETE" is still active and the user "mom" can delete the file!. To complete the confusion the user "mom" cannot rename the file due to insufficient permissions, which is also OK for me.
On one side the user "mom" cannot rename (OK for me) and cannot move into trash (OK for me), but on the other side can delete (not OK for me) the file.
I want to protect the file "truecrypt_dad" against delete from user "mom". There is a solution and an explanation for the strange behaviour mentioned above?
Thank you.
Technical data
Laptop description: OS Debain 8
extract from /etc/fstab of user "dad"
#nas
//IP/dad/ /media/dad cifs users,noauto,username=dad,passwd=dad 0 0
extract from /etc/fstab of user "mom"
#nas
//IP/dad/ /media/dad cifs users,noauto,username=mom,passwd=mom 0 0
NAS description: ReadyNAS102, Firmware 6.6.0, 2x 2TB
Configuration after factory reset:
SSH: activated
USERS/GROUPS
User Group comment
admin admin default user
dad parents
mom parents
SHARES
file/directory owner group permissions comment
/data root root drwxr-xr-x default share; default permissions
/data/dad dad parents drwxrwx--T+ ACLs and Sticky-bit created by RN102; ALSs: rwx for admin
/data/dad/truecrypt_dad dad parents -rwxrwx---+ file created with tuecrypt on laptop
7 Replies
Try changing the permissions on the dad directory so that the group doesn't have write permission.
Thank you for your reply.
Both users "dad" and "mom" shall access to the file "truecrypt_dad". Only the user "dad" shall have the permission to delete "truecrypt_dad".
The question is: why is the user "mom" allowed to delete the "truecrypt_dad" if there are no permissions to rename it and move it into trash? Why is "DELETE" still active? I cannot understand this behavior.
If "DELETE" would not be active than everything would be fine for me.
merlinux16 wrote:
Why is "DELETE" still active? I cannot understand this behavior.
Linux doesn't have a separate "delete" permission. Deleting a file is done by modifying the folder the file is in. If you give someone write permission to that folder, then you are giving them permission to delete the files in it.
You are allowing mom the ability to write to /data/dad (since anyone in the parents group has that permission).
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
