This is an old revision of the document!

A PCRE internal error occured. This might be caused by a faulty plugin

====== Deny "Delete" While Allow Write Permission ====== ===== Overview ===== In some situation, administrator allow specific users to update and write files, but do not allow them to delete. You can follow below example for this requirement. Requirement: 1. There are different users, each user has its own folder. The designated user of the folder can Read/Write/Modify files in that folder, but cannot delete any files. The other non-designated users can only Read files in that folder, and of course, not allowed to delete files. 2. 1 dedicated and designated user have the full control (Read/Write/Modify/Delete) to any folder and all folders. You can archive this by one of below method. First example have dedicated logical volume for each users. Second example have a shared logical volume, but dedicated subfolder for each users. ===== Each Users use a dedicated Volume as the Share ===== ==== Environment ==== * “Share0” is a SMB/CIFS share, and it will be used as the folder for user ‘u1’ to have Read/Write access. * 3 local users: U1, U2, and Admin * U1 have Read/Write Permission, but cannot delete * U2 have Read only Permission, can only read files, not update/write * U3 is an Admin/Superuser. Admin can Read/Write/Delete ==== Instructions ==== - Assign U1 with “Read/Write” permission for the SMB Share0. U1 can Write/Read/Execute. U1 cannot Delete when step 4 is done. - Assign U2 with “Read Only” permission for the SMB Share0. U2 can only read files in it. U2 cannot create folder, cannot create files or rename files, and no delete permission as well. - Assign U3 as the super_user, who can do Read/Write/Execute, including Delete. - Enable option “No Delete” on SMB page. <note important> When U1 tries to delete a directory or file (which it is not allowed to ). It would appear as if the folder or file got deleted. If you “refresh” , the file/folder will re-appear so you know they didn’t really get deleted.</note> {{ :nas:deny_delete_while_allow_write_permission_1.jpg?direct&400 |}} ==== File Structure Tree and Permissions ==== You can create different share to different users. With 8 users, the NAS File Structure Tree and Permissions would look like below. <note important>Make Sure the “No Delete” Option is selected. "No Delete" option need to be selected before it work.</note> {{ :nas:deny_delete_while_allow_write_permission_2.jpg?direct&400 |}} ===== Under a single shared main folder (LV), each users have a sub-folder for theirs data ===== ==== Environment ==== * “Share0” is a SMB/CIFS share, and under "Share0" each user have their own folders, eg "U1home". 'U1home" will be used as the folder for user 'U1' to have Read/Write access. * 3 local users: U1, U2, and Admin * U1 have Read/Write Permission, but cannot delete * U2 have Read only Permission, can only read files, not update/write * U3 is an Admin/Superuser. Admin can Read/Write/Delete ==== Instructions ==== - From "Services -> Access Control: share0" page, create “u1home” Directory. This ‘u1home” is a subfolder for U1 have Read/Write access, but cannot delete. {{ :nas:deny_delete_while_allow_write_permission_3.jpg?direct&400 |}} - Go “SMB” page, click “Add” {{ :nas:deny_delete_while_allow_write_permission_4.jpg?direct&400 |}} - Click “Browse” to navigate to the directory “u1home”{{ :nas:deny_delete_while_allow_write_permission_5.jpg?direct&400 |}} - Click “Select This Directory” and “Add”.{{ :nas:deny_delete_while_allow_write_permission_6.jpg?direct&400 |}}{{ :nas:deny_delete_while_allow_write_permission_7.jpg?direct&400 |}} - At this page, we set it up the same way as what we did in above: u1 = Read/Write; u2 = Read Only; u3 = Super User and “No Delete” option selected. {{ :nas:deny_delete_while_allow_write_permission_8.jpg?direct&400 |}}<note tip>We have finish making a subfolder as a SMB Share. We will need to setup the Access Control for Subfolder "u1home".</note> - Go “Services -> Access Control” page, and navigate to “u1home”, and click “Edit” button.{{ :nas:deny_delete_while_allow_write_permission_9.jpg?direct&400 |}} - Set the permission as follow{{ :nas:deny_delete_while_allow_write_permission_10.jpg?direct&400 |}} <note important> * u2 - follows “Others” permission settings, which is Read / eXecute, but no Write. * u1 - Assign Write/Read/Execute permissions, and inherits the permissions for future files and subfolders * u3 - no need to assign anything, for it is Superuser </note> ==== File Structure Tree and Permissions ==== With 8 users, the NAS File Structure Tree and Permissions would look like below <note important>Make Sure the “No Delete” Option is selected. "No Delete" option need to be selected before it work.</note> {{ :nas:deny_delete_while_allow_write_permission_11.jpg?direct&400 |}}