Page 1 of 1

Read Only Requirement, No copy no download

PostPosted: Fri Feb 28, 2020 6:53 pm
by itmaw
Hi all,
Can we fulfill the below requirements using Asustor AS6204RS.
1. Read only permission to files.
2. Read only file should not be copied.
3. Read only file should not be downloaded.

Thanks and Regards,
IT MAW

Re: Read Only Requirement, No copy no download

PostPosted: Mon Mar 02, 2020 10:10 am
by orion
That's too special. If a user can read, he should be able to copy & download. What's your usage condition?

Re: Read Only Requirement, No copy no download

PostPosted: Mon Mar 02, 2020 7:07 pm
by father.mande
Hi,

You mix two level of rules
File system access rights for files & folders based on Owner / group and others (except for some file system ... like vfat, etc.)
Applications rights that are linked to USER executing the application ... so access for the application are inherited from access attach to the user

so a read only can be attached to the owner of the file or to the group where the user accessing belongs ...
the read access permit any application running under this specific user to read the file with ANY application and copied it to another place if it have the write access right on this new place

so ... to realize you request (it's VERY complicated and need a full real Linux administrator)
... you must combine user owning application (so for ex. refuse execute right for none authorized users) ... so know all of them
... restricted rights for all with an hidden user, so no application without the good user can have a read access to the file
... switch to user (like su for ex.) when other rules have to be applied.
You understand the complexity to be sure that application able to copy (download is more easy to isolate (ex. through chroot)) a file is not missed ...
This imply to restrict applications to the minimum and to understand for EACH how they used files and folders ...
If you are a Linux admin expert ... F.Y.I. Linux ACL are set in the kernel (for x86_64 model) ... so adding the ACL tools (not provide but available in Entware APKG) you can have a better finest approach ... but rules stay the same.

So to be able to, perhaps, help you ... "orion" question is THE question.

Philippe.

Re: Read Only Requirement, No copy no download

PostPosted: Wed Apr 08, 2020 11:20 am
by brucelee2019
it seems a bit contradictory