• How to disable folder deletion. How to prevent the deletion of a file (folder) on a computer? We prohibit deleting a large number of objects

    Good time of the day.

    Historically, it so happened that for my small projects I keep a virtual machine. However, since I do not use its resources 100%, I decided not to be greedy and let a few friends hang out. There are not many sites, I don’t take money for hosting, so I considered it too much to install something like cpanel. Besides, I'm one of those who prefer to set everything up manually. I chose the following structure:

    /home/hostuser/vhosts/sitename.ru/(tmp,web,logs)
    And then the question arose: how to prevent the user from deleting / renaming folders in sitename.ru? If the folder is missing web, then both apache and nginx will issue a warning, but will still boot. But if delete/move the folder logs, then both apache and nginx will not start due to an error (quite strange behavior for me). Folder hostuser fully owned by this user and his personal group ( hostuser:hostuser), which means that if desired, he will be able to delete any internal folder / file, even if it belongs to the superuser. So how can you disable deletion/relocation so that the user (accidentally or on purpose) does not break the entire hosting?

    After a short googling, the solution was found. In addition to standard permissions and acl, in file systems like ext2, ext3, ext4, additional attributes can be set for a file. Read more about all attributes on Wiki , or man chattr . We are interested in the attribute immutable. This attribute for a file or folder can only be set by the superuser. If assign attribute immutable to a file, then this file cannot be changed or deleted (and even the superuser cannot do this until this attribute is removed). If assign attribute immutable on a folder, then this folder cannot be deleted, and it will also be impossible to change the structure inside it. Thus, it turns out that if we need to protect the folder sitename.ru and the structure inside it, we need to execute a simple command:

    Chattr +i /home/hostuser/vhosts/sitename.ru
    To remove an attribute, you must use the flag -i.

    If you only need to protect one folder (for example, logs), you can do the following:

    Touch /home/hostuser/vhosts/sitename.ru/logs/.keep chattr +i /home/hostuser/vhosts/sitename.ru/logs/.keep
    Actually, this is how you can put "protection from a fool" (even with superuser rights).

    Thank you for your attention.

    Paying attention!

    It is important to understand that this article not about information security. The lock on the mailbox is Information Security. The glass on the fire alarm button is foolproof.
    If you create a .keep file and give it an attribute -i, the folder itself can be moved, and the file can be moved. You cannot delete the file itself and the folder structure before this file.
    If you require a stronger level of security, use the attribute immutable together with mount --bind. Using this bundle, you can configure protection against intentional changes to the structure.

    Good time of the day.

    Historically, it so happened that for my small projects I keep a virtual machine. However, since I do not use its resources 100%, I decided not to be greedy and let a few friends hang out. There are not many sites, I don’t take money for hosting, so I considered it too much to install something like cpanel. Besides, I'm one of those who prefer to set everything up manually. I chose the following structure:

    /home/hostuser/vhosts/sitename.ru/(tmp,web,logs)
    And then the question arose: how to prevent the user from deleting / renaming folders in sitename.ru? If the folder is missing web, then both apache and nginx will issue a warning, but will still boot. But if delete/move the folder logs, then both apache and nginx will not start due to an error (quite strange behavior for me). Folder hostuser fully owned by this user and his personal group ( hostuser:hostuser), which means that if desired, he will be able to delete any internal folder / file, even if it belongs to the superuser. So how can you disable deletion/relocation so that the user (accidentally or on purpose) does not break the entire hosting?

    After a short googling, the solution was found. In addition to standard permissions and acl, in file systems like ext2, ext3, ext4, additional attributes can be set for a file. Read more about all attributes on Wiki , or man chattr . We are interested in the attribute immutable. This attribute for a file or folder can only be set by the superuser. If assign attribute immutable to a file, then this file cannot be changed or deleted (and even the superuser cannot do this until this attribute is removed). If assign attribute immutable on a folder, then this folder cannot be deleted, and it will also be impossible to change the structure inside it. Thus, it turns out that if we need to protect the folder sitename.ru and the structure inside it, we need to execute a simple command:

    Chattr +i /home/hostuser/vhosts/sitename.ru
    To remove an attribute, you must use the flag -i.

    If you only need to protect one folder (for example, logs), you can do the following:

    Touch /home/hostuser/vhosts/sitename.ru/logs/.keep chattr +i /home/hostuser/vhosts/sitename.ru/logs/.keep
    Actually, this is how you can put "protection from a fool" (even with superuser rights).

    Thank you for your attention.

    Paying attention!

    It is important to understand that this article not about information security. The lock on the mailbox is Information Security. The glass on the fire alarm button is foolproof.
    If you create a .keep file and give it an attribute -i, the folder itself can be moved, and the file can be moved. You cannot delete the file itself and the folder structure before this file.
    If you require a stronger level of security, use the attribute immutable together with mount --bind. Using this bundle, you can configure protection against intentional changes to the structure.

    The need to set a ban on deleting applications from iPhone and iPad can arise in a variety of situations. Most often, parents think about it, whose mobile devices are used by children, who now and then strive to accidentally delete one of the important applications. Fortunately, setting such a ban is just a matter of a few clicks.

    Step 1. Go to the menu " Settings» → « Main» → « Restrictions».

    Step 2. Click " Enable Restrictions” and enter the password you set earlier. If you have not used this feature before, enter a new password. In the event that you have forgotten your restrictions password, please contact us to reset it.

    Step 3. In the section " allow» move the switch « Uninstalling programs» to inactive position.

    Step 4. Return to the menu " Settings" by clicking on the arrow " Main» to save the settings.

    Ready! It is now impossible to uninstall installed apps from your iPhone or iPad. When switching to the mode of deleting applications, crosses near the icons will not appear.

    When you need to uninstall one of the applications, go to the menu " Settings» → « Main» → « Restrictions" and turn on the switch " Uninstalling programs" or click " Turn off restrictions».

    How to put a ban on deleting files?

    Master's response:

    Working in a local network, there is often a need to protect information not only from espionage, but also from various incorrect actions of other users. Through Windows, you can put a ban on deleting files that are in the public domain.

    Let's log into the system with administrator rights. In the "Control Panel" menu, open the "Folder Options" submenu, go to the "View" tab and uncheck the item called "Use simple sharing ...".

    In the "Effective Permissions" tab, double-click on an empty space in the "Permission Elements" section. In the dialog box that opens, click "Change" and enter the name of the account, the owner of which will not be able to delete files. To confirm the operation, click "OK".

    Next, in the "Permission Elements" window, check the "Deny" checkbox next to the "Delete" and "Delete subfolders and files" items. If necessary, we will prohibit other actions for this account. Confirm everything by pressing the "OK" button.

    If the "Security" tab is unavailable, call the "Open" line from the "Start" menu or by pressing the Win + R key combination. Let's enter the gpedit.msc command and expand the snap-ins under the names "User Configuration", "Administrative Templates", "Windows Components".

    Next, in the File Explorer folder, we need to check the status of the "Remove Security Tab" policy. If it is enabled, then by right-clicking, we will call the drop-down menu, select "Properties" and move the radio button to the "Not configured" position. Next, click "OK" to confirm the operation.

    If we have Windows Home Edition installed on our PC, then making these changes is also possible in safe mode. Reboot the computer and after the first hardware question, press F8. In the boot options menu, select the line "Safe Mode".

    To the question of the system about whether to continue working in this mode, we answer “Yes”. After Windows boots up, right-click on the required folder, select "Properties" and go to the "Security" tab - in this mode it will be available.

    Many PC users have particularly important data that should never be lost. Of course, you can make a dozen copies of a particularly important file on a variety of media - from a disk to an e-mail box. But there is a way to do without additional programs and costs. Consider the algorithm of actions in Windows 7.

    Instruction

    Check that you have administrator rights on the computer. Otherwise, you will not be able to launch and configure the necessary access settings. Checking is very simple: click the "Start" button, then open the "Control Panel". Double-click on the "User Accounts" menu. It will list all the accounts that are on the computer, and below the name will be the entry "Administrator" or "Restricted Account".

    The second thing to check is what file system is being used. For example, your file is located on the D drive, then open "My Computer" and right-click on the D drive icon. Select the "Properties" menu item - a window with information about the logical drive will immediately open. Find what is written opposite the words "File system". It must be an NTFS system - it is she who supports the separation of access rights. If the system is FAT32, then you can format the logical drive in the NTFS system. Just do not forget an important point - formatting deletes all data from the disk.

    Suppose you have administrator rights on the computer, and the file system is suitable - NTFS. Find the file you want to protect from deletion. Right-click the file's icon and select the Properties menu. A window will appear with different tabs, in which find and select the "Security" tab.

    In the top half, you will see a list of user groups that have access to this file. To ban removal file, change user rights. There are different types of rights, for example, "Full Control", "Change", "Read", "Read and Modify", "Special Permissions". So that no one but you can delete a specific file, “read” access is suitable - then the file can be opened, but it will not be possible to delete it, change it, damage it (if it is text).

    In order to differentiate file access rights, click the "Change" button. Almost the same window will appear: the users are listed at the top, and the categories of permissions are listed at the bottom. But with one difference: opposite the rights there will be two columns - "Deny" and "Allow" - with the ability to put a checkmark in front of each line.

    To prevent the file from being deleted, click on the "Advanced" button, and then - "Change permissions". A new window will open, in which uncheck the box "Inherit permissions". A window will appear warning you about removing inherited permissions. Select the "Delete" button in this window and confirm by pressing the "Apply" button. After that, repeat steps 3, 4 and 5, put a ban on full access and click "Apply".

    When connecting several computers to a network, in order to access some folders, it is necessary to make appropriate changes to the settings of these directories. Sharing folders and files allows you to perform any action that may lead to undesirable consequences, such as deleting the files you need. To block files, you need to make a ban on them removal, and the option to edit files should remain active.

    You will need

    • Editing sharing settings.

    Instruction

    To create a shared folder, select the desired folder in Explorer, right-click on it, select Sharing and Security from the context menu. In the window that opens, check the box next to "Share this folder", then check the box "Allow changes to files over the network." After clicking on the "Apply" button, a window will appear on the screen, in which the process of changing the attribute of the files contained in the selected folder will be displayed.

    Created a shared folder, now it is possible to edit any file of the selected folder. To prohibit deleting a file from a shared folder, right-click on the folder, select "Properties" in the context menu. In the window that opens, go to the "Security" tab. Select the username under which you are logged in, click the "Advanced" button.

    In the window that opens, on the "Permissions" tab, click the "Edit" button. In the new Folder Permission Element window, check the boxes next to Delete Subfolders and Files and Delete. Then click the "OK" button.

    On the Permissions tab, click the Apply button. You will see a window with a warning about changing the elements of the ban, click the "Yes" button. Then press the "OK" button 2 times.

    Open the shared folder and try to delete any file. After a short wait, a window will appear that will inform you about the file deletion error.

    note

    Another user with administrative rights can bypass these restrictions.
    If you need to reformat the drive to a different file system, first save any data that is important to you on another medium. After formatting, you can write them back to the original disk again.


    Attention, only TODAY!

    All interesting

    The developers of Windows 7 pay special attention to the secure storage of information on the computer, so the procedure for sharing folders in it is somewhat different from previous versions. Instruction 1To open access to content ...

    Sometimes a computer user needs to hide the contents of their computer files and folders. This is especially true if someone else other than you is using the computer. There are several easy ways...

    Restriction of access to selected folders or files in the Microsoft Windows operating system is performed by standard means of the system itself without the involvement of additional software. Instruction 1Call the main menu of the operating ...

    If several people use one computer and several accounts are created, then sooner or later a situation may arise when it becomes necessary to set the rights to certain folders for certain users. The procedure is…

    Gaining access rights to folders and files is a security option. Therefore, Windows must be logged on with an Administrator account on the computer. To access a protected file, you must have rights to it.…

    We are talking about Windows operating systems, as the most common among users today. For the most part, those who work in a Linux environment do not need to be explained, and Macintosh users are generally unaware of these complexities. So, you...

    If you have your own local network or a group of many users on your computer, then it may often be necessary to restrict access to a particular folder containing important files, to give access only to a certain ...

    Your computer's hard drive may contain information that you would like to hide. It so happened that the standard means of operating systems of the Windows family cannot provide limited access to files and folders using a password. But…

    Read more: