Deny "Delete" While Allowing Write Permission

In some situations, an administrator needs to allow specific users to update and write files but not delete them. The examples below show how to meet this requirement.

Requirement:

1. There are different users, and each user has their own folder. The designated user of a folder can Read/Write/Modify files in that folder but cannot delete any files. The other, non-designated users can only Read files in that folder and are not allowed to delete files.

2. One dedicated, designated user has full control (Read/Write/Modify/Delete) over any and all folders.

You can achieve this with either of the methods below. The first example uses a dedicated logical volume for each user. The second example uses a shared logical volume with a dedicated subfolder for each user.

Environment

  • “Share0” is an SMB/CIFS share, and it will be used as the folder to which user ‘u1’ has Read/Write access.
  • 3 local users: U1, U2, and Admin
  • U1 has Read/Write permission but cannot delete
  • U2 has Read Only permission: it can only read files, not update/write
  • U3 is an Admin/Superuser. Admin can Read/Write/Delete

Instructions

  1. Assign U1 “Read/Write” permission for the SMB share Share0. U1 can Write/Read/Execute. Once step 4 is done, U1 cannot Delete.
  2. Assign U2 “Read Only” permission for the SMB share Share0. U2 can only read files in it. U2 cannot create folders, cannot create or rename files, and has no delete permission either.
  3. Assign U3 as the super_user, who can Read/Write/Execute, including Delete.
  4. Enable the “No Delete” option on the SMB page.

When U1 tries to delete a directory or file (which it is not allowed to do), it will appear as if the folder or file was deleted. If you “refresh” the view, the file/folder reappears, showing that it was not really deleted.
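Because a blocked delete can look successful on the client until the view is refreshed, the setting is best verified by re-listing the folder after the delete attempt. The following Python check is an added example, not part of the vendor's instructions; it assumes the share is mounted on a client and is run as the user being tested, and the function name `check_no_delete` and its parameters are hypothetical.

```python
import os
import sys
import time
import uuid


def check_no_delete(share_dir, settle=2.0, delete=os.remove):
    """Probe a mounted share as the current user (e.g. U1).

    `delete` is injectable only so the check can be exercised without a NAS.
    Returns a dict with can_write, delete_blocked and any error text.
    """
    probe = os.path.join(share_dir, "nodelete-probe-%s.txt" % uuid.uuid4().hex)
    result = {"probe": probe, "can_write": False,
              "delete_blocked": None, "error": None, "delete_error": None}
    try:
        with open(probe, "w") as fh:   # create a new file
            fh.write("created\n")
        with open(probe, "a") as fh:   # modify the existing file
            fh.write("modified\n")
        result["can_write"] = True
    except OSError as exc:             # a Read Only user (U2) stops here
        result["error"] = str(exc)
        return result
    try:
        delete(probe)
    except OSError as exc:             # the server may reject the delete outright
        result["delete_error"] = str(exc)
    # Do not trust the delete call itself: re-list the folder (the "refresh")
    # until the file shows up again or the settle time runs out.
    deadline = time.monotonic() + settle
    while True:
        os.listdir(share_dir)
        still_there = os.path.exists(probe)
        if still_there or time.monotonic() >= deadline:
            break
        time.sleep(0.2)
    result["delete_blocked"] = still_there
    return result


if __name__ == "__main__":
    # Usage: python check_no_delete.py /path/to/mounted/share
    r = check_no_delete(sys.argv[1])
    print(r)
    # Expected for U1 with "No Delete" enabled: can write, delete blocked.
    sys.exit(0 if r["can_write"] and r["delete_blocked"] else 1)
```

When the delete is blocked, the probe file stays on the share and has to be removed by the superuser (U3).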

File Structure Tree and Permissions

You can create a different share for each user. With 8 users, the NAS file structure tree and permissions would look like the following.

Make sure the “No Delete” option is selected. It must be selected for this setup to work.

Environment

  • “Share0” is an SMB/CIFS share, and under “Share0” each user has their own folder, e.g. “U1home”. “U1home” will be used as the folder to which user ‘U1’ has Read/Write access.
  • 3 local users: U1, U2, and Admin
  • U1 has Read/Write permission but cannot delete
  • U2 has Read Only permission: it can only read files, not update/write
  • U3 is an Admin/Superuser. Admin can Read/Write/Delete

Instructions

  1. From the “Services → Access Control: share0” page, create the “u1home” directory. This “u1home” is the subfolder to which U1 has Read/Write access but in which it cannot delete.
  2. Go to the “SMB” page and click “Add”.
  3. Click “Browse” to navigate to the directory “u1home”.
  4. Click “Select This Directory” and “Add”.
  5. On this page, set it up the same way as in the first example: u1 = Read/Write; u2 = Read Only; u3 = Super User, with the “No Delete” option selected.

We have finished making the subfolder an SMB share. Next, set up Access Control for the subfolder “u1home”.

  1. Go to the “Services → Access Control” page, navigate to “u1home”, and click the “Edit” button.
  2. Set the permissions as follows:
    • u2 - follows the “Others” permission settings, which are Read / eXecute, but no Write.
    • u1 - assign Write/Read/Execute permissions, and have future files and subfolders inherit these permissions.
    • u3 - no need to assign anything, because it is the Superuser.

File Structure Tree and Permissions

With 8 users, the NAS file structure tree and permissions would look like the following.

Make sure the “No Delete” option is selected. It must be selected for this setup to work.