Hi there, I have a WD MCM at my home which I use to backup 3 of my computers (using Macrium Reflect to effect the backups). I have created 3 shares and 3 users for each computer on WD. The individual Macrium process on each coimputer uses its own dedicated share to write the backup files to and the mapping of these shares (from the computers to WD) is done under the dedicated user I created. Each user has R/W access ONLY to the share dedicated for that computer. The accounts and shares segmentation is for security.
I want to make the backup files READ ONLY once they are written to WD, even for the user that is the owner of a particular share. I cannot simply turn the share permission to Read Only for the user because the user needs R/W access to actually write new backup files to the share. I played with “Sticky Bit” setting on the share. What I did to test the functionality was:
- I turn on “Sticky Bit” on a share via SSH.
- Create a new file in the share while using a user’s WD credentials (the share where this user has R/W access)
- This makes the file’s owner as this user and the group as “share”.
- I then changed the owner of this file to another user who has no permissions on this share (not “root”) via SSH.
- Then, I mapped this share on my computer (using “net use”) using the original user’s WD credentials.
- I could still DELETE this file via this map. I should not be to delete this file because this user is NOT the owner and the parent directory of this file has the “Sticky Bit” enabled on it.
Am I doing something wrong or WD’s underlying OS is not respecting the Sticky Bit setting?
(I understand that this does not get me to my goal of no modifications to a file, but I wanted to at least prevent deletes of existing files)
EDIT: Number 3 above to reflect the correct details.
