topic secure files in Operating System - HP-UX

secure files

jerry1 — Mon, 30 Oct 2006 14:17:15 GMT

Is there a way with samba or other CIFS or
straigt unix directories to seucre files
to not be deleted but can still be modified?

I know you can't on unix within unix shell.
But I thought you could do something within
samba for PC shares.

Re: secure files

Geoff Wild — Mon, 30 Oct 2006 14:28:12 GMT

No - you can not secure files that way - even if you could you would have write access (if person can modify) and there would be no way to stop that person from emtying that file and saving it - it would be 0 bytes - not usefull at all.

Either limit access to those files and have good backups or only allow root to modify.

Rgds...Geoff

Re: secure files

Bill Hassell — Mon, 30 Oct 2006 16:27:23 GMT

Now if the rules are: modify but not remove, then yes, Unix provides this feature. There are two permissions for every file: permission for the content (data) and permission for the existence (create or remove). You can set the permissions independently. For the file, write permission only protects the data. But for existence, the directory's write permission controls whether any file in the directory can be removed (or created).

Re: secure files

James R. Ferguson — Mon, 30 Oct 2006 17:19:28 GMT

Hi Jerry:

To add to Bill's comments. If you set the 'sticky' bit on a *directory* then users can only remove files from the directory if they have explicit write permisssion to the file to be removed. This is particulary useful with shared directories, like '/var/tmp'. See the manpages for 'chmod' for further information.

Regards!

...JRF...