7

I want to restrict my users on deleting files from trash. Also i dont want my users to delete files bypassing trash. Is there any way to do this?

karthick87
  • 81,947
  • You don't want them to be able to delete any files whatsoever? Or you want that they are unable to delete some files in a certain directory? – belacqua Apr 05 '11 at 15:44
  • They can delete the files but i dont want them to clear it from trash. – karthick87 Apr 07 '11 at 05:40
  • So, it sounds like you want the users to have a "delete to trash" function, but it will not really give them the option to permanently delete things? Also, you aren't worrying about a command-line rm or other command line shortcuts? – belacqua Apr 07 '11 at 05:44

5 Answers5

4

No, users will always be able to delete the files they own (modulo some complex ACL setups which are not feasible for a desktop).

Adam Byrtek
  • 9,811
3

The trash can in ubuntu is just a special subdirectory under the user's home folder, which by definition is owned by that user. Even if you change the file permissions, the user could change them back and then delete the file.

If you are trying to avoid data loss, a much better solution would be to set up automated backups - that way anything that did get deleted could be recovered.

belacqua
  • 23,120
ImaginaryRobots
  • 9,136
  • True, though if you chown the files (as root) to a different user, the user will not be able to change them back unless they have sudo/root ability. Of course, this is not feasible for the entire user directory. +1 for the auto-backups. – belacqua Apr 05 '11 at 15:45
  • sorry for the spurious edit.... – belacqua Apr 05 '11 at 15:47
2

Part One

We will change the attributes of the trashed files so only root can change it back and eventually delete then.

1) Edit /etc/rc.local to looks like this: 

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing 
# but desgua has changed it 
# to keep a copy of trashed files
while [ "$var1" != "end" ]
do
sudo chattr +i /home/user_name/.local/share/Trash/files/* 
sleep 2
done
exit 0

4) Make it executable. 

sudo chmod +x /etc/rc.local

5) Reboot or logout and log back in.

ps-1: just to take it easy with the processor the attribute change is made every 2 seconds. You may change that as you like.
ps-2: to remove the attribute "i" (immutable) just execute: 

sudo chattr -i /home/user_name/.local/share/Trash/files/*

Part Two

To disable bypassing trash.

1) Open gconf-editor. 

gconf-editor

2) Go to /apps/nautilus/preferences/enable_delete right click on it and "Set Mandatory".

Part Three
Disabling Shift + Del

We will mod keymap.

1) Create a file

nano ~/.Xmodmap

2) Paste this and save:

keycode 119 = Delete BackSpace

obs.: use "xev" to check if you keyboard Del really is "keycode 119"

3) We sure don't want this file to be deleted, so: 

 sudo chattr +i ~/.Xmodmap

5) Reboot, logout or execute: 

xmodmap ~/.Xmodmap

Now done!

  • last edit 04/07/2011
desgua
  • 32,917
1

I have not tested it thoroughly, but you should be able to do something like

chmod -r $HOME/.local/share/Trash/files

Then you can move files to trash, but you can't view them there. But, of course, anyone can change the permissions back.

You have to restart your session/computer in order to apply this change.

arrange
  • 14,959
  • This doesn't address the more difficult issue the OP raised: "Also i dont want my users to delete files bypassing trash." – belacqua Apr 05 '11 at 15:48
0

desgua's answer covered all your requirements (and should be accepted answer, IMHO), but i think its important to highlight a few points:

  • No matter what you do to the files at trashcan, you will be editing files and its permitions in a user-controllable folder ($HOME/.local/share/Trash). And since you cant remove permitions to user's $HOME, user could undo any changes.

  • Same goes for Gnome configurations, such as nautilus preferences and keyboard bindings. At best, you can change the default behaviour, but, again, any user could override this settings for its own session.

  • What about rm and similar CLI commands? rm is just an example, but there are tons of other commands that can be used by a user to delete (or destroy) its own files. Are you planning on removing the Terminal at all? What about Gnome's ALT+F2 (Run Application) ?

My point is: no matter what to do, its the users files, its the user session, and they will be able to bypass any protection you do if they want (and know how) to. desgua's answer is amazing, but be aware that its cosmetic only, useful only if you have non-techinical users. Its meant to be a convenience rather than a true security measure.

Theres no true way to really achieve what you want unless you really change the whole distro in a very unusual way.

That said, why exatctly do you want this? For security or convenience? Isnt proper linux training to your users much better (and easier) than this?

MestreLion
  • 20,086