[Samba] Recycle bin and ACL
Henry Jensen
hjensen at gmx.de
Thu Jun 21 07:27:12 GMT 2007
Hello,

we are using the vfs module recycle with the following config:

vfs objects = recycle
recycle: repository = .Papierkorb
recycle:directory_mode = 0777
recycle:subdir_mode = 0777
recycle: keeptree = Yes
recycle: exclude = *.tmp, *.temp, *.log, *.ldb
recycle: exclude_dir = tmp
recycle:versions = Yes

The problem is that everybody can see deleted documents in the
recycle bin.
But if I set recycle:subdir_mode = 0770 then members of the group
cannot delete into the recycle bin. This is because we are using ACLs.
For example, a directory has the following ACL:

$ getfacl ttt
# file: ttt
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:projekt-rw:rwx
group:projekt-r:r-x
mask::rwx
other::---

If I delete a file in directory ttt, this directory is created in the recycle bin
with the following ACLs:

$ getfacl ttt
# file: ttt
# owner: jensenh
# group: Domain\040Admins
user::rwx
group::rwx
other::---

As you can see, the ACLs are lost. This means another member of group projekt-rw will
be unable to delete something into the recycle bin.
So the only solution is to set directory mode and/or subdir mode to 777. This is far from
optimal. Does anybody have another solution?

Regards,
Henry
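
The ACL loss described in the message above can be checked mechanically by diffing the two getfacl listings. The following is an added example, not part of the original post or of Samba; the function names parse_getfacl and acl_drift are hypothetical, and the sample input is constructed from the two listings quoted in the message.

```python
import re

# Constructed sample input: the two getfacl listings quoted in the post above.
SOURCE_ACL = r"""# file: ttt
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:projekt-rw:rwx
group:projekt-r:r-x
mask::rwx
other::---
"""
RECYCLED_ACL = r"""# file: ttt
# owner: jensenh
# group: Domain\040Admins
user::rwx
group::rwx
other::---
"""

def _unescape(name):  # getfacl prints special characters as octal (\040 = space)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Return (header dict, {(tag, qualifier): perms}) for one getfacl listing."""
    header, entries = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            header[key] = _unescape(value)
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:" comment; rsplit keeps "default:" tags whole.
            tag, qualifier, perms = line.split("#")[0].strip().rsplit(":", 2)
            entries[(tag, _unescape(qualifier))] = perms
    return header, entries

def acl_drift(source_text, copy_text):
    """List what the copy lost or changed relative to the source directory."""
    (src_hdr, src), (dst_hdr, dst) = parse_getfacl(source_text), parse_getfacl(copy_text)
    findings = [f"{k} changed: {src_hdr[k]} -> {dst_hdr.get(k)}"
                for k in ("owner", "group") if src_hdr.get(k) != dst_hdr.get(k)]
    for (tag, qual), perms in sorted(src.items()):
        if (tag, qual) not in dst:
            findings.append(f"lost {tag}:{qual}:{perms}")
        elif dst[(tag, qual)] != perms:
            findings.append(f"changed {tag}:{qual}: {perms} -> {dst[(tag, qual)]}")
    return findings

if __name__ == "__main__":
    print("\n".join(acl_drift(SOURCE_ACL, RECYCLED_ACL)))
```

Run against the listings from the message, it reports the owner change from root to jensenh and the loss of both named group entries and the mask.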