[rsbac] Disable file deletion.
Andrea Pasquinucci
liste at ucci.it
Fri Jul 6 11:17:40 CEST 2007
On Mon, Jul 02, 2007 at 04:59:44PM +0200, Amon Ott wrote:
* On Monday 02 July 2007 16:45, Sander Klein wrote:
* > I'm new to rsbac so this question might be off topic for this list.
* >
* > I'm looking for a way to have my users upload files (preferably
* > using ssh) and not be able to delete or modify them after they have
* > uploaded them. Is rsbac capable of doing this?
*
* You can set FF flag APPEND_ONLY - all allowed write accesses are
* CREATE and APPEND_OPEN then. RC and ACL can do the same, and
* additionally allow somebody else different kinds of access.
*
* So you can easily deny RENAME, DELETE and other write accesses. RSBAC
* does not have a "write_once" right, though, so that appends will
* still be possible.
I am doing this (i.e. using APPEND_ONLY with RC) in production
environment to simulate soft WORM (Write-Once Read-Many) and there is a
growing demand for this, for example to store log files or transactions
files with digital signatures to be 'forensic proven'.
A real soft WORM feature would be very useful and will allow the use of
RSBAC also for these particular applications. Is it possible? Thanks,
Andrea
--
Andrea Pasquinucci liste at ucci.it - http://www.ucci.it/
More information about the rsbac
mailing list