How to prevent deleting a file in Windows 7. How to prevent deleting applications from iPhone and iPad
A component of security in the operating system is to ensure that deletion of files or directories is prohibited. These measures involve hiding, prohibiting editing, viewing, or adding permissions to process file objects.
Large number created software products, designed to organize the protection of files and folders, but more often they solve the problem of deleting files in a comprehensive manner, making them hidden or denying access.
All directories, files, processes in Windows are created by a specific user. The creators of Windows tried to develop such a protection system that each user has a very specific case of rights. This case contains options of a prohibiting or allowing nature for manipulating processes and file objects.
It is possible to implement a ban at the account level. By creating, for example, a directory or file in an administrator account while simultaneously opening access at the guest account level, leaving them with write, read, and move rights. However, more often you need to make a ban at the level of the current (own) account.
We need to turn to the Windows security system. This method assumes that the file system of the object location disk is initially NTFS. It provides a mechanism for distributing prohibiting and allowing options for all users. FAT systems cannot offer such distinctions.
Moreover, the restrictions imposed do not concern the object itself, but its location. If its location is changed, then access will resume. You also need to understand that prohibiting options have the highest priority compared to allowing ones, so if the same permission and prohibition settings are selected, then the prohibiting rights are executed first.
First, let’s prohibit deletion for a specific user.
However, such a restriction will be wider, since it will be necessary to limit full access.
First of all, open the context menu of the selected file and look for the properties item in it.
In the window that opens, go to the “Security” tab.
In the groups and users field, select the desired user.
Click the “Change” button and, in the window that appears, in the list of group permissions, check the boxes for prohibiting settings.
Now let's save the changes we made.
Let's continue the operation
Now we see that we have checkboxes for the prohibitive options
So, we will set restrictions on full access, which also include a prohibition on deleting the object.
An attempt was made to open an image file from a prohibited location. Now let's try to remove it.
We agree with the warning
However, the following window pops up. Click “Continue”.
The system still does not allow you to delete the object.
We prohibit deleting a large number of objects
The same restriction mechanism can be applied to a large number of objects located in a single directory. In this case, a ban can be imposed on all users of the system. This kind of restriction (for everyone) can be done for a single file. In this case, we will need to add a new user group (“Everyone”). Then, you will need to check the restrictive options boxes.
Go back to the security tab
Click the “Advanced” button to open the advanced settings window.
Then select “Change permissions”:
In this window you need to select “Add”.
In the window for selecting groups and users, write a new category “Everyone” and check the names.
After this procedure, the system will show the placement for which this moment restrictions are met. Next, you just need to click “Ok” and agree to the pop-up warnings.
We agree to continue the operation
As you can see, we have a new group with special rights.
These special rights are also visible here.
Let's try to remove something from this directory.
We agree to move it to the trash.
However, we see a familiar window requiring elevation of rights.
The system thinks a little...
However, it then reports that there is no option to delete the file from this location.
Brief summary
Many created software tools to restrict user access to file system objects. However, Windows has its own built-in tools. The NTFS file system allows you to set restrictive settings for the location of a specific user or for all locations at once. Moreover, such restrictions may prohibit full access or only the deletion of one or many directories and files.
The need to set a ban on deleting applications from iPhone and iPad may arise in a variety of situations. Most often, parents think about it, whose mobile devices used by children who every now and then strive to accidentally delete one of the important applications. Fortunately, setting such a ban is just a matter of a few clicks.
Step 1. Go to menu " Settings» → « Basic» → « Restrictions».
Step 2: Click " Enable restrictions" and enter the password you set earlier. If you have not used this function before, please indicate New Password. If you have forgotten your restrictions password, please contact us to recover it.
Step 3. In the section " Allow» move the switch « Uninstalling programs» to the inactive position.
Step 4. Return to the menu " Settings", by clicking on the arrow " Basic» to save settings.
Ready! It is now impossible to delete from your iPhone or iPad installed applications. When you switch to application deletion mode, crosses will not appear next to the icons.
When you need to delete one of the applications, go to the " Settings» → « Basic» → « Restrictions" and turn on the switch " Uninstalling programs", or click " Turn off restrictions».
Good day.
Historically, I keep a virtual machine for my small projects. However, since I don’t use its resources 100%, I decided not to be greedy and let a few friends hang out. There aren’t many sites, I don’t charge money for hosting, so I thought installing something like cpanel was overkill. In addition, I am one of those who prefer to configure everything manually. I chose the following structure:
/home/hostuser/vhosts/sitename.ru/(tmp,web,logs)
And then the question arose: how to prevent a user from deleting/renaming folders in sitename.ru? If the folder is missing web, then both apache and nginx will issue a warning, but will still load. But if you delete/move the folder logs, then both apache and nginx will not start due to an error (for me it’s quite strange behavior). Folder hostuser wholly owned to this user and his personal group ( hostuser:hostuser), which means that if desired, he will be able to delete any internal folder/file, even if it belongs to the superuser. So how can you prevent deletion/moving so that the user (accidentally or on purpose) does not break the entire hosting?
After some googling, a solution was found. In addition to standard permissions and acl, in file systems like ext2, ext3, ext4 you can set additional attributes for a file. Read more about all attributes on Wiki, or man chattr. We are interested in the attribute immutable. This attribute for a file or folder can only be set by a superuser. If assigns an attribute immutable to the file, then this file cannot be changed or deleted (and even the superuser will not be able to do this until he removes this attribute). If assigns an attribute immutable to the folder, then this folder it will not be possible to delete it, and it will also be impossible to change the structure inside it. Thus, it turns out that if we need to protect a folder sitename.ru and the structure inside it, we need to run a simple command:
Chattr +i /home/hostuser/vhosts/sitename.ru
To remove an attribute you must use the flag -i.
If you only need to protect one folder (for example, logs), you can do the following:
Touch /home/hostuser/vhosts/sitename.ru/logs/.keep chattr +i /home/hostuser/vhosts/sitename.ru/logs/.keep
Actually, this is how you can install “fool protection” (even with superuser rights).
Thank you for your attention.
Paying attention!
It is important to understand that this article not about information security. Castle on mailbox- This Information Security
. The glass on the fire alarm button is foolproof.
If you create a .keep file and give it the attribute -i, the folder itself can be moved and the file can be moved. You cannot delete the file itself and the folder structure before this file.
If you require a stronger level of security, use the attribute immutable together with mount --bind. Using this bundle, you can configure protection against intentional changes to the structure.
Good day.
Historically, I keep a virtual machine for my small projects. However, since I don’t use its resources 100%, I decided not to be greedy and let a few friends hang out. There aren’t many sites, I don’t charge money for hosting, so I thought installing something like cpanel was overkill. In addition, I am one of those who prefer to configure everything manually. I chose the following structure:
/home/hostuser/vhosts/sitename.ru/(tmp,web,logs)
And then the question arose: how to prevent a user from deleting/renaming folders in sitename.ru? If the folder is missing web, then both apache and nginx will issue a warning, but will still load. But if you delete/move the folder logs, then both apache and nginx will not start due to an error (quite strange behavior in my opinion). Folder hostuser completely belongs to this user and his personal group ( hostuser:hostuser), which means that if desired, he will be able to delete any internal folder/file, even if it belongs to the superuser. So how can you prevent deletion/moving so that the user (accidentally or on purpose) does not break the entire hosting?
After some googling, a solution was found. In addition to standard permissions and acl, in file systems like ext2, ext3, ext4 you can set additional attributes for a file. Read more about all attributes on Wiki, or man chattr. We are interested in the attribute immutable. This attribute for a file or folder can only be set by a superuser. If assigns an attribute immutable to a file, then this file cannot be changed or deleted (and even the superuser will not be able to do this until he removes this attribute). If assigns an attribute immutable to a folder, then this folder cannot be deleted, and it will also be impossible to change the structure inside it. Thus, it turns out that if we need to protect a folder sitename.ru and the structure inside it, we need to run a simple command:
Chattr +i /home/hostuser/vhosts/sitename.ru
To remove an attribute you must use the flag -i.
If you only need to protect one folder (for example, logs), you can do the following:
Touch /home/hostuser/vhosts/sitename.ru/logs/.keep chattr +i /home/hostuser/vhosts/sitename.ru/logs/.keep
Actually, this is how you can install “fool protection” (even with superuser rights).
Thank you for your attention.
Paying attention!
It is important to understand that this article not about information security. The lock on the mailbox is Information Security. The glass on the fire alarm button is foolproof.
If you create a .keep file and give it the attribute -i, the folder itself can be moved and the file can be moved. You cannot delete the file itself and the folder structure before this file.
If you require a stronger level of security, use the attribute immutable together with mount --bind. Using this bundle, you can configure protection against intentional changes to the structure.
Many PC users have particularly important data that should never be lost. Of course, you can make a dozen copies of a particularly important file on a variety of media - from disk to box Email. But there is a way to do without additional programs and costs. Let's look at the algorithm of actions in Windows 7.
Instructions
Check that you have computer administrator rights. Otherwise, you will not be able to launch and configure the necessary access settings. Checking is very simple: click the “Start” button, then open “Control Panel”. Double-click the "User Accounts" menu. It will list all the accounts that are on the computer, and below the name there will be an entry for “Administrator” or “Restricted Account.”
The second thing to check is what file system is being used. For example, your file is located on drive D, then open “My Computer” and right-click on the drive D icon. Select the “Properties” menu item - a window with information about the logical drive will immediately open. Find what is written next to the words “File system”. It is necessary that it be an NTFS system - it is the one that supports the separation of access rights. If the system is FAT32, then you can format the logical drive in NTFS system. Just don't forget the important point - formatting deletes all data from the disk.
Let's assume you have computer administrator rights and the file system is suitable - NTFS. Find the file you want to protect from deletion. Right-click the file icon and select the Properties menu. A window will appear with different tabs, in which find and select the “Security” tab.
In the top half you will see a list of user groups that have access to this file. To prohibit deletion file, change user rights. There are rights different types, for example, Full Control, Edit, Read, Read and Edit, Special Permissions. To ensure that no one but you can delete a specific file, “read” access will do - then the file can be opened, but it will not be possible to delete it, change it, or damage it (if it is text).
To differentiate access rights to a file, click the “Change” button. An almost identical window will appear: users are listed at the top, categories of access rights are listed at the bottom. But with one difference: opposite the rights there will be two columns - “Deny” and “Allow” - with the ability to put a check mark next to each line.
To prevent file deletion, click on the “Advanced” button, and then “Change permissions”. A new window will open in which you uncheck the “Inherit permissions” checkbox. A window will appear warning you about removing inherited permissions. Select the “Delete” button in this window and confirm by clicking the “Apply” button. After this, repeat steps 3, 4 and 5, block full access and click “Apply”.
When connecting several computers into a network to access some folders, you need to make appropriate changes to the settings of these directories. Sharing folders and files allows you to perform any actions that may lead to unwanted consequences, such as deleting necessary files. To block files, you need to ban them deletion, and the file editing option should remain active.
You will need
- Editing sharing settings.
Instructions
To create a shared folder, select the desired folder in Explorer, right-click on it, context menu select "Sharing and Security". In the window that opens, check the box next to “Share this folder,” then check the box “Allow editing files over the network.” After clicking on the “Apply” button, a window will appear on the screen, which will display the process of changing the attribute of the files contained in the selected folder.
We have created shared access to the folder, now it is possible to edit any file in the selected folder. To prevent deleting a file from a shared folder, right-click on the folder and select “Properties” in the context menu. In the window that opens, go to the “Security” tab. Select the username under which you are logged in, click the "Advanced" button.
In the window that opens, on the “Permissions” tab, click the “Change” button. In the new “Folder permission item” window, check the boxes next to “Delete subfolders and files” and “Delete”. Then click the "OK" button.
On the Permissions tab, click the Apply button. A window will appear warning you about changing the prohibited elements; click the “Yes” button. Then press the “OK” button 2 times.
Open the shared folder and try to delete any file. After a short wait, a window will appear informing you that there was a file deletion error.
note
Another user with administrative rights can bypass these restrictions.
If you need to reformat a drive to a different file system, first save all of your important data to another medium. After formatting, you can write them back to the original disk.
Attention, TODAY only!
Everything interesting
Windows Developers 7 pay special attention to the secure storage of information on the computer, so the procedure for opening shared access to folders in it is somewhat different from previous versions. Instructions 1To open access to content...
Sometimes a computer user needs to hide the contents of his computer files and folders. This is especially true if someone else is using the computer other than you. There are several simple ways...
Restricting access to selected folders or files in the operating room Microsoft system Windows is running standard means the system itself without involving additional software. Instructions 1Call the main menu of the operating room...
If several people use one computer and several accounts have been created, then sooner or later a situation may arise when it becomes necessary to set rights to certain folders for certain users. The procedure is...
Obtaining access rights to folders and files is a security option. Therefore, you must log in to Windows using account Computer administrator. To access a protected file, you must have rights to it.…
We are talking about operating systems ah Windows, as the most common among users today. Those who work in Linux environment, for the most part do not require explanation, and Macintosh users are generally unaware of these complexities. So you...
If you have your own the local network or a group of many users on a computer, then it may often be necessary to restrict access to a particular folder containing important files, give access only to certain...
Your computer's hard drive may contain information that you would like to hide. It so happened that using standard operating system tools Windows family cannot be ensured limited access to files and folders using a password. But…
