[Samba] vfs_recycle disables permissions inheritance on AD DC shares
Sebastian Arcus
s.arcus at open-t.co.uk
Mon Dec 2 14:28:07 UTC 2019
Apologies if this is a documented feature and I missed it - I've been
googling and reading through the docs but haven't spotted any mention
anywhere. Is the vfs_recycle feature officially being supported with
Samba in AD mode? I have a few AD DC's with file shares on them - and
have been struggling with file permissions not being inherited on the
file shares. I have finally narrowed it down to the fact that if I
enable the vfs_recycle module on the shares, this disables permission
inheritance on the respective share. Could anybody confirm this please -
or am I doing something wrong?
I am on Samba 4.10.8 and 4.9.4, Slackware 64, as mentioned above all
servers are AD DC's, the file system is EXT4, and here is my smb.conf:
[global]
netbios name = MY-SERVER-NAME
realm = MYDOMAIN.LAN
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = MYDOMAIN
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
ntlm auth = yes
time server = yes
[netlogon]
path = /var/lib/samba/sysvol/mydomain.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[shared_files]
path = /srv/samba/shared_files
read only = No
vfs objects = recycle
recycle:repository = Recycle.Bin
recycle:directory_mode = 0770
recycle:subdir_mode = 0770
recycle:exclude =
*.tmp,*.temp,*.o,*.obj,~$*,*.~??,~*.*,*.TMP,*.TEMP,lock.*,.~lock.*,LOCK.*,*.lock,*.~lock,*.LNK,*.lnk,*.ldb,*-
journal
recycle:versions = Yes
recycle:touch_mtime = Yes
recycle:keeptree = No
recycle:minsize = 1
More information about the samba
mailing list