Prevent deletion of media files for some users

[schaferj]

Hello,
I recall a discussion of this issue earlier, but the only reference I found on forum or wiki was from
http://forum.linuxmce.org/index.php?topic=3590.0

which suggested simply changing the underlying file permissions / attributes to read only.

My understanding is that this will prevent the media update features from working as well.

Is it possible to configure a setting to prevent some users from deleting files?

I may play with file persmissions to see if perhaps we can use the group for read only and the owner for rw - but would appreciate any advice from those who have already solved this.

much thanks,
joseph

[jondecker76]

this should be added to trac as a feature request. There are a couple of places it could be changed:

1) From the orbiter, you can delete a file. This should only work if the user is checked as "Allow to modify installation"
2) From the web admin, you can delete a file -however, the last time I checked, it will not allow you to do so if "Allow to modify installation" is not checked.
3) Directly from a command line, over ssh or as a Samba share I don't think it would be feasible. For users that should not be able to delete files, you will have to control what they can access and how they can access it. Using the Orbiter and/or the web admin would be the recommended ways.

Also, remember you have your own private folder to keep your files safe - you may need to incorporate that into your plan as well.

[schaferj]

Jon,
Thank you for quickly fleshing out the need.

The most urgent need is to fix the orbiter so that it behaves in the way many would find intuitive. 

For example, I recently added media on public, but confirmed that an unprivledged orbiter user (unchecked 'allow to modify') can delete the files.  I would suggest that an unprivledged orbiter user should not be able to delete or move - and perhaps those buttons should not even display.

Unprivledged users are less of a concern from the web admin (and it may work right already!) and direct file / share access can be mitigated directly with permissions outside of lmce.

I recall earlier that the private folders were not - and so have not relied upon that. 
thanks,
joseph

[schaferj]

Team,
I submitted to TRAC as
"Prevent deletion of media files for unprivledged users from orbiter"
I'm running 0710, but that did not seem to be a choice, so I went with 0810 alpha, ticket #130.

I welcome additional thoughts / workarounds.
joseph

[tschak909]

Thank you very much.

We are re-marking this as minor, and will put it up for any developer who wishes to implement the feature.

-Thom

[schaferj]

Thom,
That's certainly appropriate - it's been functioning that way for a while now! ;-)
joseph