RE: chattr immutable


 



> Dermot Paikkos wrote:
> >
> > mkdir myfolder; chmod 777 myfolder; chattr +i myfolder
> >
> > Then from a Windows box tried to delete the folder and got permissions
> > denied, so far so good. Then I tried to copy a file to the folder and
> > was denied also, not so good.
> >
> > I have tried combinations of +i +a but I can't get the desired effect.
> > Is what I am attempting possible or should I create a new share and use
> > smb.conf to administer the file permissions?
> 
> 1. "chattr +i" is a blunt instrument; once set, the file or directory
> is completely immutable.
> 
> 2. "chattr +a" doesn't allow appends; it denies everything except
> appends, so "chattr +a +i" is equivalent to just "chattr +i".
> 
> 3. Modifying a directory isn't an "append", so "chattr +a" isn't
> useful here.
> 
> If filesystem permissions cannot be used (e.g. because both the
> directory and its parent need to be writable by the user), you can
> still prevent the directory from being deleted by adding a file or
> subdirectory which the user cannot delete.
> 
> One option is to add a subdirectory, owned by root, writable only by
> root, and containing at least one file. The user won't be able to
> delete the file as they don't have write permission on the
> subdirectory, and a non-empty directory cannot be deleted.
> 
> Another option is to just add a file within the directory and use
> "chattr +i" on the file.


One of the other things I was hoping to do was prevent users from renaming
the folder or from the other classic mistake of accidentally dragging and
dropping a folder into another folder.

I can't think of a set of UNIX permissions or smb.conf directives that is
going to make a directory read-only but allow a group to create
files within the directory.

Thanks for the suggestions though. They will have to do.

Dp.
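
The two options from the quoted reply, as an added shell example that is not part of the original thread: add_guard sets up the root-owned, non-empty subdirectory, and is_guarded audits a directory for either that guard or an immutable file. The names add_guard, is_guarded, ".guard" and "keep" are made up for illustration; GNU stat and e2fsprogs lsattr are assumed. This covers deletion only, not the renaming case raised above.

```shell
#!/bin/sh
# Added example, not from the thread. ".guard" and "keep" are made-up names.

# add_guard DIR [OWNER_UID]: option 1 from the reply. Create a non-empty
# subdirectory that only OWNER_UID (default 0, root) can write to.
# Run as root when OWNER_UID is 0, since chown to another user needs root.
add_guard() {
    dir=$1 owner=${2:-0}
    mkdir -p "$dir/.guard" &&
    : > "$dir/.guard/keep" &&
    chown "$owner" "$dir/.guard" "$dir/.guard/keep" &&
    chmod 755 "$dir/.guard" &&
    chmod 644 "$dir/.guard/keep"
}

# is_guarded DIR [OWNER_UID]: return 0 if DIR holds an entry that a user
# with write access to DIR still cannot remove, so DIR cannot be emptied:
#   - a non-empty subdirectory owned by OWNER_UID with no group/other
#     write bit (option 1), or
#   - a regular file with the immutable attribute set (option 2).
is_guarded() {
    dir=$1 owner=${2:-0}
    for e in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$e" ] || continue              # unmatched glob stays literal
        if [ -d "$e" ] && [ ! -L "$e" ]; then
            uid=$(stat -c %u "$e")           # GNU stat: numeric owner
            mode=$(stat -c %a "$e")          # GNU stat: octal mode, e.g. 755
            [ "$uid" = "$owner" ] || continue
            [ $(( 0$mode & 022 )) -eq 0 ] || continue
            [ -n "$(ls -A "$e" 2>/dev/null)" ] && return 0
        elif [ -f "$e" ]; then
            # lsattr prints nothing on filesystems without attribute support
            attrs=$(lsattr -d "$e" 2>/dev/null | cut -d' ' -f1) || attrs=
            case $attrs in *i*) return 0 ;; esac
        fi
    done
    return 1
}
```

As root, "add_guard /srv/share/myfolder" followed by "is_guarded /srv/share/myfolder" sets up and confirms the guard; the path is a placeholder.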





