0

Is it possible to set the permissions of an NFS share to allow creation and moving of files, but not the editing or deletion of them?

Moving is also only allowed if it stays on the same share.

Achieving this with wrapper applications would be fine, as long as I can execute them with my client, which uses Nautilus.

Allowed operations:

  • mv /mnt/share/file /mnt/share/file2
  • mv /mnt/share/file /mnt/share/folder/file
  • touch /mnt/share/file3

Disallowed operations:

  • mv /mnt/share/file ~
  • rm /mnt/share/file
  • echo test > /mnt/share/file
  • echo test >> /mnt/share/file

BOTH LISTS ARE NOT EXHAUSTIVE

The server is my NAS running stock Arch Linux (pretty current, updates every few days).

Hosts are mostly my own computers, but I don't trust every program I run. And to prevent crypto malware, I want to disable the deletion of files, so such malware can only create the encrypted files, but can't delete the original ones.

Armin
  • What do you mean by "moving of files"? Renaming? If you can rename a file or move a file, you can effectively edit or delete it. (In fact, in UNIX, moving is often implemented as a kind of remove.) On a local filesystem in Linux, a file may be marked "immutable", but that means it cannot be either moved or renamed.

    In theory, Nautilus plugins can achieve the desired effect, assuming users cannot access NFS in any other way.

    – Otheus Apr 06 '16 at 16:03
  • @Otheus First, they can (via console), and by moving I mean renaming or changing the path, as long as it stays on the disk. I'll add an example. – Armin Apr 06 '16 at 16:04
  • 1
    Just maintain a list of md5 sums on the share, and if some file goes missing, move it back from a backup. That is not an NFS solution, you'll need to write a daemon to monitor it, and it -might- have an impact on performance. – Mikhail Krutov Apr 06 '16 at 17:22
  • @MikhailKrutov This is not acceptable, because I don't see if a file was simply moved on the share. The only way to notice this is to create the hashes for every file anew. – Armin Apr 06 '16 at 17:32
  • @Armin Yep, that's what I meant - every time something changes, md5 it. Also, http://unix.stackexchange.com/questions/92013/monitoring-file-changes-process-access-to-files – Mikhail Krutov Apr 06 '16 at 17:34
  • @MikhailKrutov There are thousands of files on my shares, some are big files like movies, so creating a hash every time I want to move something is not feasible. – Armin Apr 06 '16 at 17:45
  • The only thing you can do, I think, is write a wrapper script protected by sudo, then lock down permissions on the NFS volume, such that only root can manipulate files there. Users will interface with sudo rename-script or sudo mv-script. – Otheus Apr 06 '16 at 18:00
  • @Otheus But if I set the permissions to root:root 744, couldn't a local admin of a client delete the files? – Armin Apr 06 '16 at 18:03
  • Yes. So basically, you need to use some program that does not operate on the mountpoint, but with some Application Interface on the server. Mountpoints are read-only. On your NFS server: set up an SSH server for a specific user. That user has access via sudo (NOPASSWD:) to operate the scripts which act on the files in the NFS repository. On clients, wrapper programs like mv operate via ssh to invoke the appropriate script. – Otheus Apr 06 '16 at 18:41
  • @Otheus So basically, every user gets an alias to mv etc., that calls scp if the operation is allowed? That would work somewhat... I'll think about it, but that seems to be the most sensible solution. If you make it an answer, I can't mark it... – Armin Apr 06 '16 at 18:45
  • OK, first, edit your question to state the additional info you mentioned here, the NFS server setup, and the need to prevent local clients from operating on the server. – Otheus Apr 06 '16 at 18:49
  • @Otheus But isn't the setup part of your answer? Your answer is basically: share is read-only, wrapper applications for every client. Or did I miss something? – Armin Apr 06 '16 at 18:51
  • In your question, describe the NFS server, what version of NFS you are using; is it a full Linux host? What distribution? Do you have complete control over the environment, including all the clients? Do you (not) trust root on the clients? etc. – Otheus Apr 06 '16 at 19:30
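
The server-side script from the comments above (read-only mounts, moves requested over SSH) could look like the following. This is an added example, not code from any participant in the thread; it assumes the script receives share-relative paths, and the names `safe_move`, `_resolve` and `Refused` are hypothetical.

```python
import os


class Refused(Exception):
    """The requested operation violates the move-only policy."""


def _resolve(root, rel):
    """Map a share-relative path to an absolute one, refusing escapes from root."""
    # Resolve symlinks and ".." in the parent directory only; the last
    # component is kept as-is so a symlink is judged as a link, not by target.
    candidate = os.path.join(root, rel.strip("/"))
    parent = os.path.realpath(os.path.dirname(candidate))
    name = os.path.basename(candidate)
    if name in ("", ".", "..") or os.path.commonpath([root, parent]) != root:
        raise Refused(f"path leaves the share: {rel!r}")
    return os.path.join(parent, name)


def safe_move(root, src_rel, dst_rel):
    """Rename a regular file inside root without ever replacing a file."""
    root = os.path.realpath(root)
    src = _resolve(root, src_rel)
    dst = _resolve(root, dst_rel)
    if os.path.islink(src) or not os.path.isfile(src):
        raise Refused("source must be an existing regular file")
    if os.path.isdir(dst) and not os.path.islink(dst):
        # Same behaviour as "mv file folder": keep the name, change the directory.
        dst = os.path.join(dst, os.path.basename(src))
    try:
        # link() fails if dst already exists or lies on another filesystem,
        # so "no overwrite" and "stays on the share" are enforced atomically.
        os.link(src, dst)
    except OSError as exc:
        raise Refused(f"cannot create destination: {exc.strerror}") from exc
    os.unlink(src)  # drop the old name; the data stays reachable at dst
    return dst
```

Refusing to replace an existing destination matters because a rename onto an existing file deletes that file's contents, which is exactly what the question wants to prevent.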

1 Answer

1

NFS permissions are only read and write... If you permit writing, then editing and deleting files is possible besides creating and moving files.

magor
  • Is there any possibility to set wrappers for low-level methods? Meaning I could add the wrapper that checks whether it moves the file from the share to the same share and allows it, but disallows it if not? – Armin Apr 06 '16 at 16:15
  • 2
    NFSv4 allows much more, but you need a real NFSv4 implementation to use the ACLs. Even the NFSv4 ACLs do not mention rename, they just allow you to forbid removing files in a directory or adding files in a directory. – schily Apr 06 '16 at 16:36