Assume that I have a directory that should contain only jpg files.
How can I prevent users from adding files that don't have jpg format to that directory?
My initial guess was to use inotify but it doesn't seem to give me the ability to interrupt/block the "operation" on the file / directory.
My second guess was to set the directory to read-only, when a user adds a file I'll check its extension then add the write permission to the directory before it gets an invalid access error.
Assume any file system that Linux supports
This file system will be used by Samba if this is a helpful info.
Related
I have a regular linux filesystem and part of it is used with sftp.
My goal is for sftp-user to list and get files in a subdirectory.
The user must also be able to delete files in that subdirectory.
And finally, I do NOT want that user to be able to upload files into that subdirectory.
I struggle with the filepermissions for this subdirectory.
It seems you cannot do this with file system permissions alone.
As described here, creating or deleting a file is actually a modification of the directory that contains the file. For that, the user needs to have a "w" permission to this directory. But at the same time, your requirements contradict each other - the user can either both create and delete files, or none of the above.
Apparently you need some kind of an additional authorization mechanism (maybe some web service, or a remotely callable script) to delete or upload the files, and then apply the authorizations there.
Edit:
For instance, you could create a REST webservice running with a separate user account that has "w" permission to the directory. You need to perform very strict checking of the passed arguments and authenticate the users, otherwise a hacker could wreck your system.
When I download source code from perforce, the symlinks gets downloaded as files and the project, of course, doesn't build. This happens on certain computers and virtual machines but the same symlinks download fine on other computers.
The download file is often a short file which just contains path of the linked file instead of being zero byte symlink file.
This actually had to do with user permissions on windows, not so much with perforce. The problem is that the user doesn't have permission to create symlinks so perforce ends up creating a file (In my opinion, it should generate an error message instead of converting the symlink to file).
The simple solution in most cases should be to start P4V as administrator and then download the source code. You may have to force it to download everything since it will not re-download wrong symlinks because those objects already exist on disk.
You can check if you have permissions with the following command. More here.
mklink <linkFile> <ExistingFile>
Note: you may well be able to create symlinks (=shortcuts) using File Explorer but it's the command line (above) that will determine if you have the privileges or not.
I am working with a live Linux version. If I create a user and that user creates a file, how can I make that file visible for that user after I have restarted the system? (Normally it would be erased)
You can save the file in the device's hard drive, if you are using a CD/DVD.
In case you are using a flash drive, you can save the file in the root / folder.
Note: Be careful with name given in root folder, try to avoid things like boot or other names found in that folder. They are used to start the live system and boot manager usually recognize them based only in file names
I wanna to freeze a folder in red hat so nobody (even root) can not add file into the folder or change files that exist in the folder already, i tried to make folder read only but this does not work and root user can add files normally as before, please somebody help me to solving this problem.
Create a filesystem in a file (eg: an iso file) containing the files you want in the directory then use a loopback mount to mount it read only onto the directory.
Anybody who tries to modify the filesystem normally (including root) will get a "read-only filesystem" error.
No. By design, in Linux, root ignores existing permissions on all entities. However, what you can do is encrypt files so that they can't be read and can't be modified by those who don't know the key. You can't prevent new files from being added, but with both encryption and decryption keys private, you can easily verify if any file is valid.
This also means you can't have either key on your computer!
I have Qt application which should work on multiple platforms. One of those platforms is Linux. I am completely new in Linux world.
My application need to create and manage set of data files. After reading some links about linux directory structure I decided to store data files in /var/myapp directory and in its subdirectories.
Here is the problem: if my application runs without superuser privileges then it has no rights to create /var/myapp directory. Even if i will create directory manually (with sudo) my application will not have rights to write files there.
Is it possible to temporary elevate application's permissions from Qt code to create /var/myapp directory and write files there?
Or possibly there is another place in Linux directory structure which is by default available for storing application's data files?
Only root can create directories in /var. If your application needs a subdirectory under /var, you need to create it during installation (which typically runs with root permissions), and chmod it appropriately: either create a group for users that may run your application, put /var/myapp in that group, and chmod it to 770; or just chmod the directory to 777 to allow everyone to access it. If you want to prevent writing by regular users, use 755 or 750 instead. (For data files, don't set the execute bit though: the appropriate permissions here are 666/660/644/640). Instead of octal triplets, you may prefer the more elaborate mnemoic syntax to chmod, e.g. chmod ug+x filename adds (+) the execute bit (x) to filename for the owning user (u) and group (g).
However, /var is not necessarily the best choice: /var is typically used for volatile data (temporary files etc.), as well as things that are expected to change frequently (mail, log files, etc.). Other data should go into either:
/usr/share/{appname} for system-wide data files and resources
/etc/{appname} for system-wide configuration files
~/.{appname} (old convention) or ~/.config/{appname} for per-user configuration files
/var/tmp/{appname} for temporary files
Also, you want to make the /usr prefix configurable; most distributions reserve /usr for package-managed files, except /usr/local, which mirrors /usr for out-of-distro installs (so in that case, your system-wide resources go into /usr/local/share instead of /usr/share).
You could distribute it without installation scripts, but you'd have to tell them to run it once as root... or have the app run itself as root using gksudo/kdesudo if its system wide data files do not exist.
The custom though is to make a package (.deb, .rpm, or even a .tar.gz that the user will extract himself) including all necessary files.
But linux (and OS X for that matter) are multi user systems. Are you sure your files belong in /var or /usr? If they're created at runtime as you say, don't they depend on user input? In which case you need to put them in some directory inside the user's home directory (getenv("HOME")).