[Samba] vfs_recycle disables permissions inheritance on AD DC shares
Rowland penny
rpenny at samba.org
Mon Dec 2 17:35:57 UTC 2019
On 02/12/2019 17:17, Sebastian Arcus via samba wrote:
>
> On 02/12/19 16:53, Rowland penny via samba wrote:
>> On 02/12/2019 16:24, Sebastian Arcus via samba wrote:
>>>
>
> </snip>
>
>>
>>>> You should have 'vfs objects = dfs_samba4 acl_xattr recycle'
>>>
>>> Thank you very much for this - now it is working. This lack of
>>> permissions inheritance issue has been plaguing me for months - it
>>> is very useful to finally find what has been causing it. Would it be
>>> a good idea to add the information above somewhere in the wiki, in
>>> case others will face the same issue at some point?
>>
>> You are probably correct, but where to put it ???
>
> The following man page is the one I read several times when things
> started to get hairy and I narrowed things down to issues with vfs
> recycle - and where I was looking for some enlightening notes on the
> subject:
>
> https://www.samba.org/samba/docs/current/man-html/vfs_recycle.8.html
>
> Something along the lines of:
>
> "vfs objects = recycle
>
> Please note that the config line above will reset the vfs objects
> already configured, which can have unintended consequences, specially
> when Samba is configured in AD mode. To avoid this, the recycle module
> should be added to existing vfs objects (... with some suitable
> instructions on how to find out which existing vfs modules are
> configured by default, maybe)"
>
> Maybe something like the above?
> </snip>
>
Possibly for 'recycle', but this would happen for any 'vfs object' added
to a DC that didn't list the defaults (it also applies to Unix domain
members, where listing 'vfs objects' in a share, overrides any set in
[global])
Rowland
More information about the samba
mailing list