[Samba] vfs_recycle disables permissions inheritance on AD DC shares

Christopher Cox chriscox at endlessnow.com
Mon Dec 2 16:34:01 UTC 2019

On 12/2/19 10:24 AM, Sebastian Arcus via samba wrote:
> On 02/12/19 15:44, Rowland penny via samba wrote:
>> On 02/12/2019 15:32, Sebastian Arcus via samba wrote:
>> No, I am saying that you have turned off the default vfs objects by 
>> just specifying one.
>> You should have 'vfs objects = dfs_samba4 acl_xattr recycle'
> Thank you very much for this - now it is working. This lack of 
> permissions inheritance issue has been plaguing me for months - it is 
> very useful to finally find what has been causing it. Would it be a good 
> idea to add the information above somewhere in the wiki, in case others 
> will face the same issue at some point?
> Again, thank you for the quick replies.

The way I've handled this on software I've written (not samba) is to 
support the concept of +feature and -feature.  That is "add to 
defaults", "subtract from defaults".

If such a thing were supported, then:

vfs objects = +recycle

would not have nuked the default options.

Obviously things get tricky when using something like testparm to clean 
up and write out a clean smb.conf.  Likely you'd just explode things 
out, which might not be what you'd want, but might be the only way to 
make this realistic.

Just ideas...

More information about the samba mailing list