Now on SourceForge!
ArchiverFS was recently added to SourceForge, please feel free to head on over and leave a review.
ArchiverFS - Read Only Archives
Home | Product Home | Pricing | Download | Documentation | Release Notes | Customers
Configuring read only archives.
Several customers have recently asked us what the best way of creating a read only archive is, one that allows users to open and read archived files but which prevents users from modifying those archived files thus forcing the creation of a new file if changes are needed. They essentially wanted to implement a form of versioning for their archived files.
This is actually really easy to do through the use of share permissions. It's worth stressing that we aren't referring to NTFS permissions here, we are looking at the actual permissions in place on the network shares.
You can view the permissions in place on a share by right clicking on a folder that has been shared out as a network share, clicking on 'Properties', going to the 'Sharing' tab, clicking on 'Advanced Sharing' and then clicking on 'Permissions'. Here you will find a list of the permissions for the share.
The effective permissions any one specific user has to a share and its contents are defined through a combination of the share permissions and NTFS permissions, essentially the most restrictive wins. Lets imagine we have a user called 'Phil' and he is a member of the 'Domain Users' group which is listed in the share permissions of a share as 'Read' and the NTFS permissions as 'Modify'. Phil will only have 'Read' permissions to the share in question as he is restricted by the 'Domain Users' = Read entry.
It's by taking advantage of this 'most restrictive wins' behavior that we can make an archive and all of it's contents read only.
Typically we would recommend setting the share permissions to the following to make an archive share read only for normal users:
Administrators = Modify
Domain Users = Read
ArchiverFS Service Account = Modify
This combination will prevent users from changing archived files whilst still allowing ArchiverFS the access it needs to work. If a user wants to modify an archived file then they will need to open it and save any changes as a copy of the file in the live file system.
Edit (01/06/2021): The latest version of ArchiverFS now includes the ability to specify that any links\shortcuts the software creates should be marked as 'Read-Only'. This means that in addition to making your archives read only, you can now make the accidental deletion of links or shortcuts far less likely.