There is a Samba directory in which scans from the MFP are placed. Users need to be able to delete their scans but must not be able to create files there (otherwise every virus will hack the directory).

How can this be implemented? Delete for everyone, write for no one.

  • @Keir, are you sure about that: delete for everyone, write for no one? How (if this is implemented at all) do users' scans get into this directory in the first place? What are their permissions, owner, group? - Actually, the question is interesting, a challenge, so to speak. I am almost 100% sure that it cannot be solved by standard means. I.e., the source code is in your hands. - avp
  • Maybe prevent creating files with certain extensions (*.exe, *.dll)? You can also prohibit files whose contents begin with MZ. - sercxjo
  • @sercxjo, how can Samba respond to extensions? I guess I'm just behind the times. - avp
  • @avp, you can do it through vfs, the way antiviruses are hooked in - sercxjo

1 answer

As rightly suggested in the comments, there are no built-in tools for such behavior.

You need to use a workaround.

For example, you can use the inotify mechanism.

In the inotify-tools package, which is probably included in all popular distributions, there is an inotifywait program that you can use for this case.

Here is an example of a script that tracks the appearance of files/directories in an infinite loop and deletes them if they do not meet some criterion. In this example the “group ownership” attribute is used, but this is easy to change to adapt to the behavior of the program that is allowed to create files/directories in the monitored directory.

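    #!/bin/bash
    # Directory to watch and the group that is allowed to create entries in it.
    d=/path/to/watched/directory
    g=group_name
    while true; do
        # Block until something is created below $d, then print its full path.
        r=$(inotifywait -re create --format '%w%f' "$d" 2>/dev/null)
        #echo "$r"
        if [ -n "$r" ]; then
            # Group that owns the new file or directory.
            gr=$(stat --printf='%G' -- "$r")
            if [ "$gr" != "$g" ]; then
                rm -rf -- "$r"
            fi
        fi
    done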
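
A variant of the watcher above, as an added example that is not part of the original answer: it keeps the answer's group-ownership test, adds the MZ check suggested in the comments, and runs inotifywait in monitor mode so events are not lost between two runs. The names should_remove and watch_dir and the choice of the moved_to and close_write events are assumptions of this example; GNU stat and head are assumed.

```shell
#!/bin/bash
# Added example, not the answer author's code. Assumes inotify-tools,
# GNU stat and GNU head. Function names are hypothetical.

# should_remove PATH GROUP
# Returns 0 (remove) when PATH is not group-owned by GROUP, or is a regular
# file whose first two bytes are "MZ"; returns 1 (keep) otherwise.
should_remove() {
    local path=$1 allowed=$2 grp magic
    # Already gone (for example the user deleted it): nothing to do.
    [ -e "$path" ] || [ -L "$path" ] || return 1
    # stat does not follow symlinks, so a link is judged by its own group.
    grp=$(stat -c '%G' -- "$path" 2>/dev/null) || return 1
    [ "$grp" = "$allowed" ] || return 0
    # Content check only for real files; never read through a symlink.
    if [ -f "$path" ] && [ ! -L "$path" ]; then
        magic=$(head -c 2 -- "$path" 2>/dev/null | tr -d '\000')
        [ "$magic" = "MZ" ] && return 0
    fi
    return 1
}

# watch_dir DIR GROUP
watch_dir() {
    local dir=$1 allowed=$2 path
    # -m keeps a single watcher running, so events that arrive while one
    # file is being handled are queued instead of missed.
    # moved_to catches files renamed into the tree; close_write re-checks a
    # file once it has content, because it is still empty at create time.
    # Paths are read line by line, so names containing a newline are not
    # handled correctly.
    inotifywait -mrq -e create -e moved_to -e close_write \
        --format '%w%f' "$dir" |
    while IFS= read -r path; do
        if should_remove "$path" "$allowed"; then
            rm -rf -- "$path"
        fi
    done
}

# Start watching only when called as: script DIR GROUP
if [ "$#" -eq 2 ]; then
    watch_dir "$1" "$2"
fi
```

As with the original script, the cleanup is reactive: an unwanted file exists for a short time before it is removed.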