[Samba] vfs_recycle and permissions

samba.20.andwin at spamgourmet.com samba.20.andwin at spamgourmet.com
Mon Jun 16 01:51:00 MDT 2014


many thanks for providing this patch, it looks very promising!
During my tests I've found a minor issue: ACLs which are defined
additionally to inherited ACLs don't seem to be honored. You should be
able to reproduce this by doing the following:
1) Assuming there is a share with some inheritable ACLs, lets say
\\share with ACL1 and ACL2
2) Create a test folder \\share\testDir and put a file into it:
3) ACL1 and ACL2 will be inherited to testDir and test.txt
4) Now apply an additional inheritable ACL3 to testDir. testDir and
test.txt will now have ACL1, ACL2 and ACL3.
5) Now delete testDir. test.txt in the recycle repository will still
have ACL1, ACL2 and ACL3. However, testDir will just have ACL1 and
ACL2 instead of all three of them.

I'm looking forward to having this patch in an official stable release!

Best regards

On Fri, Jun 13, 2014 at 11:10 AM, Samuel Cabrero -
scabrero at zentyal.com
<samba.andwin.54c20e89f9.scabrero#zentyal.com at ob.0sg.net> wrote:
> Hi,
> we are testing this patch to inherit NT ACLs. Maybe you could test it also,
> feedback will be really appreciated :)
> Just add to smb.conf:
> recycle: inherit_nt_acl = yes
> Cheers.
> On 13/06/14 09:39, samba.20.andwin at spamgourmet.com wrote:
>> Hi,
>> at our site we are using Samba 4.1.8 as an AD controller and on
>> another machine as member server and all is working fine so far. Now I
>> want to provide recycle repositories for some shares on the member
>> server, so I set
>> vfs objects = acl_xattr recycle
>> recycle:keeptree = yes
>> in the corresponding share sections in smb.conf on the member server.
>> The problem is that the subdirectories created in the repository seem
>> to receive arbitrary permissions (UNIX permissions, UNIX ACLs and NT
>> ACLs) regardless of the recycle:directory_mode and recycle:subdir_mode
>> settings, whereas the files which are moved to the recycle repository
>> keep their original permissions.
>> Ideally, also the directories in the recycle repository would keep the
>> original permissions.
>> Is there a way to configure the vfs_recycle module so that also the
>> directory tree in the recycle repository retains the original
>> permissions and ACLs?
>> How do other people deal with permissions in the recycle repository in
>> combination with NT ACLs?
>> Best regards
>> Andreas
> --
> Samuel Cabrero - Developer
> scabrero at zentyal.com
> Zentyal - Active Exchange
> www.zentyal.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list