[Samba] permission problem with vfs object recycle:directory_mode

Rowland penny rpenny at samba.org
Sat Jul 23 09:02:25 UTC 2016


On 23/07/16 07:58, Nicolas wrote:
> Well,
>
> Despite having recently answered about vfs object recycle on this list, 
> it seems that it isn't working as expected.
>
> Using Samba 4.4.5, compiled from sources
>
> Here is the conf for a share:
> [musique]
>         path = /media/data/musique
>         read only = No
>         vfs objects = acl_xattr recycle
>         recycle:directory_mode = 0770
>         recycle:subdir_mode = 0700
>         recycle:versions = Yes
>         recycle:keeptree = Yes
>         recycle:touch = Yes
>         recycle:repository = .recycle
>         full_audit:prefix = %U|%I|%S
>         full_audit:success = connect disconnect mkdir rmdir open read write rename opendir unlink
>         full_audit:failure = open write mkdir rmdir rename unlink
>         full_audit:facility = local5
>         full_audit:priority = NOTICE
>
>
> recycle:directory_mode parameter is NEVER applied to the .recycle 
> directory, default 0700 is ALWAYS applied (whatever value is set to 
> recycle:directory_mode).
>
> Tested several times by :
> modify smb.conf
> killall samba
> /usr/local/samba/sbin/samba
>
> Thanks in advance for your help.
>
> Nicolas
>
> (It turns out that only the first user who deletes a file has access 
> to .recycle; files deleted by other users are unlinked. Manually 
> setting 0770 perms on .recycle makes it work as expected.)


OK, just tested this on a DC (which is what you must be using as you are 
starting the 'samba' binary) and it works for me.
The .recycle bin gets created with 'drwxrwx---' permissions and whilst 
the owner/group is 'SAMDOM\rowland SAMDOM\domain users', because the 
group permissions are 'rwx' any users should be able to use it.

The only differences between my setup and the one you posted are, I 
didn't use the 'full_audit' lines and I didn't use the totally unneeded 
'acl_xattr' option to 'vfs objects'. You only need this on a domain member.

Rowland
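
A check for the mismatch discussed in this thread, added here as an example; it is not code from either poster or from Samba. It reads one share stanza, compares the mode of the recycle repository on disk with `recycle:directory_mode`, and lists `module:option` keys whose module is missing from `vfs objects`. The names `parse_share` and `audit_recycle` are hypothetical, the stanza is a constructed copy of the one posted, and treating every `module:option` key in a share as a VFS module option is an assumption.

```python
import os, stat

# Constructed sample: part of the share stanza quoted in the thread.
SAMPLE_CONF = """\
[musique]
        path = /media/data/musique
        read only = No
        vfs objects = acl_xattr recycle
        recycle:directory_mode = 0770
        recycle:repository = .recycle
        full_audit:prefix = %U|%I|%S
"""

def parse_share(conf_text, share):
    """Return the options of one [share] section, keys lower-cased."""
    opts, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == share.lower() and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit_recycle(opts, share_path=None):
    """List differences between the stanza and the repository on disk."""
    findings = []
    loaded = opts.get("vfs objects", "").split()
    for key in opts:
        module = key.split(":", 1)[0]
        if ":" in key and module not in loaded:
            findings.append(f"{key}: module '{module}' is not in 'vfs objects'")
    # 0700 and .recycle are the defaults when the options are not set.
    want = int(opts.get("recycle:directory_mode", "0700"), 8)
    repo = os.path.join(share_path or opts["path"],
                        opts.get("recycle:repository", ".recycle"))
    if os.path.isdir(repo):
        have = stat.S_IMODE(os.stat(repo).st_mode)
        if have != want:
            findings.append(f"{repo}: mode {have:04o}, configured {want:04o}")
    else:
        findings.append(f"{repo}: not created yet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_recycle(parse_share(SAMPLE_CONF, "musique"))))
```

Pass the real smb.conf text to `parse_share` and run it on the server after the first file has been deleted through the share, so the repository exists.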



