"Create-only" Samba share

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

"Create-only" Samba share

Samba - General mailing list
Hi.

I'm sharing a ZFS (ZoL) directory through Samba. Right now I have it set
up so my user has full RWX access to everything, but for security
reasons I'd like to only allow myself to copy and read files and create
and list directories, but make it so once something is created I can't
modify it in any way other than by logging in through SSH.
I've looked at several threads in various places, but I've not seen a
definite answer on how to do this, beyond some hinting at it involving
ACLs in some unspecified way. My understanding is that ZoL doesn't
support Linux ACLs, so I'm wondering if it might be easier to just make
a modification to smbd. After all, all I'd need to do is check if a flag
for the share is set when the user attempts certain actions (e.g.
delete, rename, etc.), right? I'm thinking something like

[foo]
path = /mnt/foo
valid users = foo
available = yes
browseable = yes
writable = yes
read only = no
create only = yes   ; <==

Any opinions?

Thanks.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: "Create-only" Samba share

Samba - General mailing list
Look at the vfs_worm module. I lets you create files and then, after a set grace period, it disallows any modification to those files. I have been using it successfully.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: "Create-only" Samba share

Samba - General mailing list
In reply to this post by Samba - General mailing list
Look at the vfs_worm module. I lets you create files and then, after a set grace period, it disallows any modification to those files. I have been using it successfully.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: "Create-only" Samba share

Samba - General mailing list
In reply to this post by Samba - General mailing list
Thanks! That does exactly what I wanted. Although contrary to what the
documentation says, it seems it doesn't do anything unless I explicitly
configure worm:grace_period.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...