Crazy question about read/write privileges..

djbeta

I have a folder that is shared by about 10 employees in my company.

I would LOVE it if there was a way so that they could

1. be able to create folders and upload files

2. not be able to rename or delete those files that they have already uploaded

A Dropbox is not an option because I need them to be able to access the files after they upload them.

Is this possible? It would help me out so much if I could get something like this set up.

thanks in advance.. :)
 
Permissions that allow a user to write to a directory allow them to add, rename and delete.

You could look at setting up a cron task that would recursively change the ownership/permission on everything within that folder. As far as I know the minimum period for cron is one minute... the code would be a simple one-liner like "sudo chmod -R a-w /path\ to\ the\ folder/That_is_Shared/*". But don't quote me on that...

I've heard CronniX is good to simplify crontab changes.

Gabs
 
You could set the permissions of the folder that they need to access to Read/Write, but set the individual files in the folder to Read Only. You could probably set this up with an AppleScript and a FolderAction, so that the permissions are automatically converted. People would all be able to upload and download the files they need, but would be prevented from deleting/changing things. You'd have to check exactly which groups the employees all belong to and what privileges they have, but I think this should work more or less.
 
In short, simply setting a certain privilege on a folder will not accomplish what you want. You'll need a script or combination of scripts to accomplish what you want.

Being able to create a folder, then immediately not being able to rename the folder goes against user privileges and the UNIX multi-user style of doing things.
 
I think I understand... so far I think my best option is to configure folder actions on the folder in question to run some AppleScript when a file/folder is added.
I'm very curious to find out if such a script is possible/difficult to write.

The reason I want to do this is because my users are uploading files to a shared folder and then uploading them to a FileMaker database system that will rely on the paths to the files not changing. If the path changes or a folder is renamed, the system's access to the file will be broken.

Thanks for the responses.. if anyone has any other suggestions, please share! :)
 
You can do it - set the 'sticky' permission bit on the directory. This allows users to create files in a directory, but only delete or rename those files that belong to them.

See the man pages for sticky and chmod for details.
 
Hmm... but wouldn't that be like normal permissions? Every user has the ability to rename files and folders that belong to them, and if they copy the files and folders to a share, then unless that share has a "change permissions" script running on it, they would own those copied files and folders, thus be able to rename and delete them... no?
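
The rule from the sticky-bit answer, and the follow-up's point that uploaders still own what they copy in, can be checked with a short script. This is an added example, not part of the original thread; it models classic mode bits only (no ACLs or file flags), and the `Shared` folder, `invoice.pdf` and the co-worker uid are constructed for the demo.

```python
import os
import stat
import tempfile

def dir_writable(st, uid, gids):
    """Owner/group/other check for write+search on a directory (mode bits only)."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need

def can_remove_or_rename(path, uid, gids=()):
    """True if uid may delete or rename path. Assumes no ACLs or file flags."""
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    entry = os.lstat(path)
    if not dir_writable(parent, uid, gids):
        return False
    if parent.st_mode & stat.S_ISVTX and uid != 0:
        # Sticky directory: only the entry's owner or the directory's owner.
        return uid in (entry.st_uid, parent.st_uid)
    return True

def demo():
    """Compare a plain and a sticky shared folder for uploader vs co-worker."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        shared = os.path.join(top, "Shared")          # constructed sample folder
        os.mkdir(shared)
        upload = os.path.join(shared, "invoice.pdf")  # constructed sample upload
        open(upload, "w").close()
        uploader = os.lstat(upload).st_uid
        coworker = uploader + 1                       # constructed uid, owns nothing
        for label, mode in (("plain 0777", 0o777), ("sticky 1777", 0o1777)):
            os.chmod(shared, mode)
            results[label] = (can_remove_or_rename(upload, uploader),
                              can_remove_or_rename(upload, coworker))
    return results  # {label: (uploader_allowed, coworker_allowed)}

if __name__ == "__main__":
    for label, (own, other) in demo().items():
        print(f"{label}: uploader={own} co-worker={other}")
```

In the sticky case the co-worker is refused but the uploader is still allowed, so the sticky bit protects uploads from other users without stopping the person who uploaded a file from renaming or deleting it.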
 
As long as the folder is set to Read Only you should be able to copy files but not rename or delete files. We have a problem with permissions on our server here at my contract job right now!

A great tool to get is "Tinker Tool". If you have Mac OS X 10.3 or 10.1 (doesn't do permissions in 10.2 for some reason) you can set your permissions very specifically for your computer with relation to the server.
 
If the folder is set to "Read Only" then you won't be able to copy anything into it, nor delete anything inside it or delete the folder itself, if files are set to inherit permissions from the parent directory, which UNIX does by default. This is adjustable in OS X Server, but for OS X Client, it would have to be done manually via the Terminal/Command Line.

UNIX permissions get hairy sometimes: there are three permissions, actually: owner, group and world, and go like this: rwxrwxrwx. The first three characters are the permissions for the owner, the second three for group and the last three for world. 'r' is the read bit, 'w' is the write bit, and 'x' is the execute bit. So, if a file/folder is set as "rwxrw-r--" then the owner can read/write/execute, the group can read and write, and the world (anyone else other than the owner and members of the group) can only read.

So, it depends on which set of three you give "Read Only" access to.
 