Discussion:
[Samba] permission problem with vfs object recycle:directory_mode
Nicolas
2016-07-23 06:58:57 UTC
Permalink
Well,

Despite I've recently answered about vfs object recycle on this list,
it seems that it isn't working as excepted.

Using Samba 4.4.5, compiled from sources

Here is the conf for a share:
[musique]
path = /media/data/musique
read only = No
vfs objects = acl_xattr recycle
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:repository = .recycle
full_audit:prefix = %U|%I|%S
full_audit:success = connect disconnect mkdir rmdir open read
write rename opendir unlink
full_audit:failure = open write mkdir rmdir rename unlink
full_audit:facility = local5
full_audit:priority = NOTICE


recycle:directory_mode parameter is NEVER applied to the .recycle
directory, default 0700 is ALWAYS applied (whatever value is set to
recycle:directory_mode).

Tested several times by :
modify smb.conf
killall samba
/usr/local/samba/sbin/samba

Thanks in advance for for help.

Nicolas

(It turns out that only the first user who deletes a file has access to
.recycle, files deleted by other users are unlinked, manually setting
0770 perms on .recycle makes it working as expected)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Nicolas
2016-07-23 10:39:45 UTC
Permalink
Post by Nicolas
Well,
Despite I've recently answered about vfs object recycle on this
list, it seems that it isn't working as excepted.
Using Samba 4.4.5, compiled from sources
[musique]
path = /media/data/musique
read only = No
vfs objects = acl_xattr recycle
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = Yes
recycle:repository = .recycle
full_audit:prefix = %U|%I|%S
full_audit:success = connect disconnect mkdir rmdir open read
write rename opendir unlink
full_audit:failure = open write mkdir rmdir rename unlink
full_audit:facility = local5
full_audit:priority = NOTICE
recycle:directory_mode parameter is NEVER applied to the .recycle
directory, default 0700 is ALWAYS applied (whatever value is set to
recycle:directory_mode).
modify smb.conf
killall samba
/usr/local/samba/sbin/samba
Thanks in advance for for help.
Nicolas
(It turns out that only the first user who deletes a file has access
to .recycle, files deleted by other users are unlinked, manually
setting 0770 perms on .recycle makes it working as expected)
OK, just tested this on a DC (which is what you must be using as you
are starting the 'samba' binary) and it works for me.
The .recycle bin gets created with 'drwxrwx---' permissions and whilst
the owner/group is 'SAMDOM\rowland SAMDOM\domain users', because the
group permissions are 'rwx' any users should be able to use it.
The only differences between my setup and the one you posted are, I
didn't use the 'full_audit' lines and I didn't use the totally
unneeded 'acl_xattr' option to 'vfs objects'. You only need this on a
domain member.
Rowland
Thanks Roland,
From tests, it is the
totally unneeded 'acl_xattr' option to 'vfs objects'
That causes this problem.
(By the way, it is not a 700 permission that is applied but a 750)
Thanks again !
Nicolas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...