The traditional Unix permissions are very simple in design and are able to meet a lot of requirements. A common problem, however (as seen on many Linux forums and mailing lists), is how to allow users to write to a directory but not delete from it. This is a valid request, especially on small home networks, where users may want to add content to a directory (e.g. family pictures) but are wary of somebody accidentally deleting the content.
The aim of this guide is to provide a way for multiple different users to write to a single Samba fileshare, but so that they cannot delete any of each other's content.
The guide will use an example to help illustrate some of the concepts. The example scenario will use a family of users (Bob and Jane), who want to share family pictures via a Samba fileshare (Pictures).
| Pictures | A share for sharing family photos |
The guide assumes that you already have two Samba users configured, Bob and Jane.
The first step is to create the “pictures” group and add Bob and Jane to it.

    groupadd pictures
    usermod -a -G pictures bob
    usermod -a -G pictures jane

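The second step is to create the pictures directory and set the correct permissions. The leading 1 in mode 1775 is the sticky bit: inside a sticky directory, a file can be deleted or renamed only by the file's owner, the directory's owner (root here) or root, even though every member of the group can write to the directory.

    mkdir -p /srv/pictures
    # 1775 = sticky bit + rwx for owner and group, r-x for everyone else
    chmod 1775 /srv/pictures
    # root owns the directory; members of "pictures" get the group write access
    chown root:pictures /srv/pictures
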
The third (and final) step is to configure Samba to share the Pictures share.

    [Pictures]
        comment = Family pictures
        path = /srv/pictures
        browseable = no
        writeable = yes
        create mask = 0644
        directory mask = 0755
        valid users = @pictures

The share has now been set up successfully. You will need to restart Samba for the changes to take effect.
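To confirm that the directory from step two really has the layout the guide relies on, the following added example (not part of the original guide) audits it. The function name `audit_share_dir` is hypothetical, and the script assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit a share directory against the layout used in this guide.
# Usage: audit_share_dir DIR GROUP   (e.g. audit_share_dir /srv/pictures pictures)
# Returns 0 when nothing is wrong, 1 when at least one finding was printed.
audit_share_dir() (
    # The body runs in a subshell, so "exit" only ends this function call.
    dir=$1 group=$2 bad=0
    fail() { echo "FAIL: $*"; bad=1; }

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        exit 1
    fi

    mode=$(stat -c %a "$dir")          # octal mode, e.g. 1775
    dir_group=$(stat -c %G "$dir")     # group name of the directory
    m=$((0$mode))                      # leading 0 makes the shell parse it as octal

    [ $(( $m & 01000 )) -ne 0 ] || fail "sticky bit missing (mode $mode): group members can delete each other's files"
    [ $(( $m & 00020 )) -ne 0 ] || fail "not group-writable (mode $mode): members cannot add files"
    [ $(( $m & 00002 )) -eq 0 ] || fail "world-writable (mode $mode): users outside the group can add files"
    [ "$dir_group" = "$group" ] || fail "group is $dir_group, expected $group"

    # The sticky bit protects only the directory it is set on. A subdirectory
    # that is group- or world-writable without its own sticky bit lets other
    # users delete files inside it.
    loose=$(find "$dir" ! -path "$dir" -type d \
            \( -perm -020 -o -perm -002 \) ! -perm -1000)
    [ -z "$loose" ] || fail "writable subdirectories without sticky bit: $loose"

    exit "$bad"
)

# Run the audit only when the script is called with arguments.
[ "$#" -eq 0 ] || audit_share_dir "$@"
```

Run it as `sh audit.sh /srv/pictures pictures` after creating the directory and again after any manual permission change.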
Tip: Changing File Permissions to read-only via a cronjob
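The current configuration allows users to add files to a share but not delete others' content. They can still, however, delete their own content. One solution to this problem is to write a script (as below) that changes the permissions of the share's content to read-only. The script can then be scheduled to execute regularly, using a cronjob.

    #!/bin/bash
    # Read-only for users: directories end up 755 and files 644
    # (capital X adds execute only to directories, so pictures are not made executable)
    chmod -R u=rwX,go=rX /srv/pictures/*
    # Hand ownership to root so the uploader can no longer delete or change the file
    chown -R root:root /srv/pictures/*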