[Samba] Recycle bin and ACL
Cybionet
cybionet at videotron.ca
Thu Jun 21 10:05:45 GMT 2007
Greeting Henry,
I don't have use recycle:directory_mode and recycle:directory_mode
parameters yet. But try to remove these parameters and set on the
.Papierkorb directory 2770 POSIX permission. After set ACL permisson for
projekt-rw group.
chmod 2770 .Papierkorb
chown root:root .Papierkorb
setfacl -m group:projekt-rw:rwx .Papierkorb
setfacl -d -m group:projekt-rw:rwx .Papierkorb
With this, only the owner name will change. The permission for group
will always be the same as you wish. And on the share you can set these
parameters to be sure that all work correctly
force create mode = 660
directory mode = 770
Hope that will work!
Regards,
Robert
--
Cybionet - Solution reseautique
http://www.cybionet.com
> Hello,
>
> we are using the vfs module recycle with the following config:
>
> vfs objects = recycle
> recycle: repository = .Papierkorb
> recycle:directory_mode = 0777
> recycle:subdir_mode = 0777
> recycle: keeptree = Yes
> recycle: exclude = *.tmp, *.temp, *.log, *.ldb
> recycle: exclude_dir = tmp
> recycle:versions = Yes
>
>
> Problem is that everybody can see deleted documents in the
> recycle bin.
>
>
> But if I set recycle:subdir_mode = 0770 then members of the group
> can not delete into the recycle bin. This is because we are using ACLs.
>
>
> For example a directory has following ACL:
>
> $ getfacl ttt
> # file: ttt
> # owner: root
> # group: Domain\040Admins
> user::rwx
> group::rwx
> group:projekt-rw:rwx
> group:projekt-r:r-x
> mask::rwx
> other::---
>
>
> If I delete a file in directory ttt, this directory is created in the recycle bin
> with following ACLs:
>
> $ getfacl ttt
> # file: ttt
> # owner: jensenh
> # group: Domain\040Admins
> user::rwx
> group::rwx
> other::---
>
>
> As you can see the ACLs are lost. This means another member of group projekt-rw will
> be unable to delete something into the recycle bin.
>
> So the only solution is to set directory mode and/or subdir mode to 777. This is far from
> optimum. Has anybody another solution?
>
>
> Regards,
>
> Henry
>
>
More information about the samba
mailing list