samba - Mar 2003 - Fw: share a folder rw, but not deletable?

Is there a way in UNIX to make a folder with read+write permissions for
some group of users, but only allow them to read and write to the
folder... not actually delete the folder itself?

I have some samba shares, and directories inside them that I want to
remain with their current structure and permission settings -- with many
similiar group-specific files inside each folder, but I don't want the
users to be able to delete the folders themselves! =)  

I've tried setting the directories with the sticky bit (i) with "chattr
+i
dir/" and that didn't work... as now the users could not r/w data
within
the directory.  I don't want the directories to be renamed or deleted. 
Windows has the "delete" permissions available -- but not samba?

Any UNIX/Samba suggestions?

thanks, peace

  Brian Wiese | bwiese@cotse.com | aim: unolinuxguru
------------------------------------------------------
  GnuPG/PGP key 0xF3220030 | "FREEDOM!" - Braveheart 
------------------------------------------------------  
This is not about Napster or DVDs. It's about your Freedom.
  I'll see your DMCA and raise you a First Amendment.
              http://www.anti-dmca.org

On Wed, 26 Mar 2003, Brian Wiese wrote:
> Is there a way in UNIX to make a folder with read+write permissions for
> some group of users, but only allow them to read and write to the
> folder... not actually delete the folder itself?
In Unix/Linux if you can read and write in a directory then you can delete
it. Sorry - we did not invent the rules.

- John T.
>
> I have some samba shares, and directories inside them that I want to
> remain with their current structure and permission settings -- with many
> similiar group-specific files inside each folder, but I don't want the
> users to be able to delete the folders themselves! =)
>
> I've tried setting the directories with the sticky bit (i) with
"chattr +i
> dir/" and that didn't work... as now the users could not r/w data
within
> the directory.  I don't want the directories to be renamed or deleted.
> Windows has the "delete" permissions available -- but not samba?
>
> Any UNIX/Samba suggestions?
>
> thanks, peace
>
>   Brian Wiese | bwiese@cotse.com | aim: unolinuxguru
> ------------------------------------------------------
>   GnuPG/PGP key 0xF3220030 | "FREEDOM!" - Braveheart
> ------------------------------------------------------
> This is not about Napster or DVDs. It's about your Freedom.
>   I'll see your DMCA and raise you a First Amendment.
>               http://www.anti-dmca.org
>
-- 
John H Terpstra
Email: jht@samba.org

On Wed, 26 Mar 2003, Brian Wiese wrote:
> Is there a way in UNIX to make a folder with read+write permissions for
> some group of users, but only allow them to read and write to the
> folder... not actually delete the folder itself?
In Unix the permissions ("perms") of the _parent_ directory determine
who
can remove a sub-directory (= folder in Windows). So you can set the perms
on a given directory wide open but restrict write access to its parent.
Maybe this is all you need?

PCC

On Wed, 26 Mar 2003 02:38:43 -0600, Brian Wiese wrote:
> I've tried setting the directories with the sticky bit (i) with
"chattr +i
> dir/" and that didn't work... as now the users could not r/w data
within
> the directory.  I don't want the directories to be renamed or deleted. 
I solved a similar situation this way: I changed the mode of all files 
in the share to 666, and dirs to 1777 (that's 777 + sticky bit). This 
means that anyone can read the contents of the share, but they cannot 
delete or rename any file or directory and they cannot edit the contents 
of any existing file (exception made for one user, the owner of all 
files and dirs, who can do anything).

Anyway, everyone can add files and dirs, but I also used these two 
options:
force create mode = 666
force directory mode = 1777

Then, every night, an automated script sets the privileged user as the 
owner of all files and dirs in the share.
So, if someone adds a file or dir, he has the possibility to delete or 
edit it for the whole day; then, the next day, the objects he added are 
"locked" again, just like the rest of the share.

The only difference, in your case, might be if you want to allow users 
to edit existing files. I do not have a solution for this... you might 
remove the sticky bit from the directory containing the files to be 
edited, but this will allow other users to also delete or rename subdirs 
contained in the same dir.

-- 
Ciao,
  Marco.

..."The Glimpse", Trilok Gurtu 1997