[Samba] SAMBA AD VFS:Recycle bad permissions

Rowland penny rpenny at samba.org
Mon Jun 10 08:32:39 UTC 2019


On 10/06/2019 08:51, Tomáš Havlín wrote:
> Hello
> my smb.conf + working and no working ACL share folders
>
> [global]
> netbios name = FENIX
> realm = PFCZ.INTRA
> server role = active directory domain controller
> workgroup = PFCZ
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 10.254.254.1
>
> unix extensions = no
> wide links = yes
> follow symlinks = yes
> bind interfaces only = yes
> interfaces = lo eno1
> max log size = 150000
>
> [netlogon]
> path = /var/lib/samba/sysvol/pfcz.intra/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [share] - working VFS:recycle, original share
>     path = /mnt/data1/share
>     read only = no
>
> [XXX] - no working VFS:recycle, testing share
>     path = /mnt/data1/XXX
>     read only = no
>     vfs object = recycle
>     recycle:repository = .deleted
>     recycle:keeptree = yes
>     recycle:touch = yes
>     recycle:version = yes
>     recycle:maxsize = 0
>     recycle:exclude = *.tmp
>     recycle:exclude_dir = /tmp
>
>
It looks to me that the VFS changes have caused this.

You are using a DC as a fileserver, this isn't recommended for  a start.

On a DC , 'vfs objects = acl_xattr' is set by default, this means that 
'inherit acls = yes' is set and you do not have a 
'recycle:directory_mode' line, so you will be using the default '0700'. 
Put this all together and what you are getting is correct, don't ask me 
why it worked before, but not now. It looks like it was actually wrong 
before but correct now ;-)

Rowland




More information about the samba mailing list