Deny "Delete" While Allowing Write Permission
Overview
In some situations, an administrator needs to allow specific users to update and write files without allowing them to delete anything. The examples below show how to meet this requirement.
Requirement:
1. There are different users, and each user has their own folder. The designated user of a folder can Read/Write/Modify files in that folder, but cannot delete any files. The other, non-designated users can only Read files in that folder and are likewise not allowed to delete files.
2. One dedicated, designated user has full control (Read/Write/Modify/Delete) over any folder and all folders.
You can achieve this with either of the methods below. The first example uses a dedicated logical volume for each user. The second example uses a shared logical volume with a dedicated subfolder for each user.
Each user has a dedicated volume as a share
Environment
- “Share0” is an SMB/CIFS share, and it will be used as the folder to which user “U1” has Read/Write access.
- 3 local users: U1, U2, and Admin (U3)
- U1 has Read/Write permission, but cannot delete
- U2 has Read Only permission: U2 can only read files, not update or write them
- U3 is an Admin/Superuser. Admin can Read/Write/Delete
Instructions
- Assign U1 “Read/Write” permission for the SMB share Share0. U1 can Write/Read/Execute. U1 cannot Delete once step 4 (enabling “No Delete”) is done.
- Assign U2 “Read Only” permission for the SMB share Share0. U2 can only read the files in it. U2 cannot create folders, cannot create or rename files, and has no delete permission either.
- Assign U3 as the super_user, who can Read/Write/Execute and also Delete.
- Enable the option “No Delete” on the SMB page.
File Structure Tree and Permissions
You can create a different share for each user. With 8 users, the NAS File Structure Tree and Permissions would look like below.
Under a single shared main folder (LV), each user has a sub-folder for their data
Environment
- “Share0” is an SMB/CIFS share, and under “Share0” each user has their own folder, e.g. “U1home”. “U1home” will be used as the folder to which user “U1” has Read/Write access.
- 3 local users: U1, U2, and Admin (U3)
- U1 has Read/Write permission, but cannot delete
- U2 has Read Only permission: U2 can only read files, not update or write them
- U3 is an Admin/Superuser. Admin can Read/Write/Delete
Instructions
- On this page, set the share up the same way as in the first example: u1 = Read/Write; u2 = Read Only; u3 = Super User, with the “No Delete” option selected.
* u1 - Assign Write/Read/Execute permissions, and have future files and subfolders inherit these permissions
* u3 - no need to assign anything, because it is the Superuser
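Checking the result from a client, as an added example that is not part of the original page or the NAS vendor's tooling: the script below probes what the logged-in user can actually do on a mounted share and compares it with the permissions listed above for u1, u2 and u3. It assumes the share (or the user's subfolder in the second layout) is already mounted with that user's credentials; the mount point, the script name and the optional canary file are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the share is mounted on a client with the credentials
# of the user under test; the mount point and canary file are hypothetical.

# probe_share DIR [CANARY] -> "create=.. modify=.. delete=.." (ok|denied)
# CANARY is an expendable file planted by the admin, needed for read-only
# users who cannot create their own test file.
probe_share() {
    dir=$1; canary=${2:-}
    [ -d "$dir" ] || { echo "error=not-a-directory"; return 2; }
    new="$dir/.perm_probe_$$"
    create=denied; modify=denied; delete=denied
    if ( : > "$new" ) 2>/dev/null; then create=ok; fi
    target=${canary:-$new}
    if [ -e "$target" ]; then
        if ( echo probe >> "$target" ) 2>/dev/null; then modify=ok; fi
        if rm -f "$target" 2>/dev/null && [ ! -e "$target" ]; then delete=ok; fi
    fi
    # If a canary was used, try to remove our own probe file as well.
    [ "$target" = "$new" ] || rm -f "$new" 2>/dev/null || :
    echo "create=$create modify=$modify delete=$delete"
}

# expected_for ROLE -> result the page's permission list calls for
expected_for() {
    case $1 in
        u1) echo "create=ok modify=ok delete=denied" ;;         # Read/Write + "No Delete"
        u2) echo "create=denied modify=denied delete=denied" ;; # Read Only
        u3) echo "create=ok modify=ok delete=ok" ;;             # super user
        *)  echo "error=unknown-role"; return 2 ;;
    esac
}

# check_role ROLE DIR [CANARY] -> prints PASS/FAIL; returns 0 only on PASS
check_role() {
    want=$(expected_for "$1") || { echo "$want"; return 2; }
    got=$(probe_share "$2" "${3:-}") || :
    if [ "$got" = "$want" ]; then echo "PASS $1: $got"; return 0; fi
    echo "FAIL $1: want [$want] got [$got]"; return 1
}

# Usage: sh probe.sh u1 /mnt/share0   (run once per user, on that user's mount)
if [ $# -ge 2 ]; then check_role "$@"; fi
```

With “No Delete” active, the u1 run leaves a `.perm_probe_*` file behind, which the super user can remove. A `modify=ok` result for u1 also means existing file contents can still be overwritten, so the check confirms that files cannot be removed, not that their data cannot be changed.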