[Samba] permission problem with vfs object recycle:directory_mode
Nicolas
me at electronico.nc
Sat Jul 23 10:39:45 UTC 2016
On 23/07/2016 20:02, Rowland penny wrote:
> On 23/07/16 07:58, Nicolas wrote:
>> Well,
>>
>> Despite I've recently answered about vfs object recycle on this
>> list, it seems that it isn't working as excepted.
>>
>> Using Samba 4.4.5, compiled from sources
>>
>> Here is the conf for a share:
>> [musique]
>> path = /media/data/musique
>> read only = No
>> vfs objects = acl_xattr recycle
>> recycle:directory_mode = 0770
>> recycle:subdir_mode = 0700
>> recycle:versions = Yes
>> recycle:keeptree = Yes
>> recycle:touch = Yes
>> recycle:repository = .recycle
>> full_audit:prefix = %U|%I|%S
>> full_audit:success = connect disconnect mkdir rmdir open read
>> write rename opendir unlink
>> full_audit:failure = open write mkdir rmdir rename unlink
>> full_audit:facility = local5
>> full_audit:priority = NOTICE
>>
>>
>> recycle:directory_mode parameter is NEVER applied to the .recycle
>> directory, default 0700 is ALWAYS applied (whatever value is set to
>> recycle:directory_mode).
>>
>> Tested several times by :
>> modify smb.conf
>> killall samba
>> /usr/local/samba/sbin/samba
>>
>> Thanks in advance for for help.
>>
>> Nicolas
>>
>> (It turns out that only the first user who deletes a file has access
>> to .recycle, files deleted by other users are unlinked, manually
>> setting 0770 perms on .recycle makes it working as expected)
>>
>>
>>
>
>
> OK, just tested this on a DC (which is what you must be using as you
> are starting the 'samba' binary) and it works for me.
> The .recycle bin gets created with 'drwxrwx---' permissions and whilst
> the owner/group is 'SAMDOM\rowland SAMDOM\domain users', because the
> group permissions are 'rwx' any users should be able to use it.
>
> The only differences between my setup and the one you posted are, I
> didn't use the 'full_audit' lines and I didn't use the totally
> unneeded 'acl_xattr' option to 'vfs objects'. You only need this on a
> domain member.
>
> Rowland
>
>
Thanks Roland,
From tests, it is the
> totally unneeded 'acl_xattr' option to 'vfs objects'
That causes this problem.
(By the way, it is not a 700 permission that is applied but a 750)
Thanks again !
Nicolas
More information about the samba
mailing list