Prevent Delete

Inovati

I am looking for a way that the user is able to upload and tag albums through zen but not delete. I do not want to be able to delete files through zen at all, but possibly the albums and database entries would be alright. The problem I have is that many people use and update zen, but don't always know what they are doing, so I want to prevent an accidental deletion of the files. I've tried ACLs but its an OS X server so it is temperamental and only listens when it wants.

Is it possible to remove an album from zenphoto without removing the files from the disk? Or is it possible to remove the "remove album" functionality all together? Right now I feel it is very dangerous allowing zen to delete files from my server.

Thanks

sbillard

Well, I am pretty sure you won't have any accidental deletions of images. No one could possibly miss the warnings. Of course someone could delete an image you did not want them to delete.

Zenphoto is filesystem based. So, no, it is not possible to remove anything without also removing it from the filesystem.

Inovati

Thanks sbillard, you're always quick and helpful.

That being said, the apache user must be able to control those files, so by not allowing delete by the apache user it shouldn't be able to delete the files, am I right? I think I can control that using ACLs "deny delete", if the apache user can follow those. Anybody know for sure?

sbillard

Remember that Zenphoto is not running (on apache) as one of the zenphoto users, it is running under the server user. Also, it "owns" all the files, at least the ones it created. So, of course, it can delete them.