Prevent deletion of media files for unprivledged users from orbiter
Prevent deletion of media files for unprivledged users from orbiter http://forum.linuxmce.org/index.php?topic=7557.0
Prevent deletion of media files for some users
on: March 04, 2009, 09:16:19 pm Quote Modify Remove
Hello, I recall a discussion of this issue earlier, but the only reference I found on forum or wiki was from http://forum.linuxmce.org/index.php?topic=3590.0
which suggested simply changing the underlying file permissions / attributes to read only.
My understanding is that this will prevent the media update features from working as well.
Is it possible to configure a setting to prevent some users from deleting files?
I may play with file persmissions to see if perhaps we can use the group for read only and the owner for rw - but would appreciate any advice from those who have already solved this.
much thanks, joseph
jondecker76 Addicted Re: Prevent deletion of media files for some users Reply #1 (closed) on: Today at 12:50:36 am Quote
this should be added to trac as a feature request. There are a couple of places it could be changed:
- From the orbiter, you can delete a file. This should only work if the user is checked as "Allow to modify installation"
- From the web admin, you can delete a file -however, the last time I checked, it will not allow you to do so if "Allow to modify installation" is not checked.
- Directly from a command line, over ssh or as a Samba share I don't think it would be feasible. For users that should not be able to delete files, you will have to control what they can access and how they can access it. Using the Orbiter and/or the web admin would be the recommended ways.
Also, remember you have your own private folder to keep your files safe - you may need to incorporate that into your plan as well.
schaferj Veteran Re: Prevent deletion of media files for some users Reply #2 (closed) on: Today at 04:03:51 am Quote Modify Remove
Jon, Thank you for quickly fleshing out the need.
The most urgent need is to fix the orbiter so that it behaves in the way many would find intuitive.
For example, I recently added media on public, but confirmed that an unprivledged orbiter user (unchecked 'allow to modify') can delete the files. I would suggest that an unprivledged orbiter user should not be able to delete or move - and perhaps those buttons should not even display.
Unprivledged users are less of a concern from the web admin (and it may work right already!) and direct file / share access can be mitigated directly with permissions outside of LinuxMCE.
I recall earlier that the private folders were not - and so have not relied upon that.