[Samba] SAMBA AD VFS:Recycle bad permissions

Tomáš Havlín thavlin at spel.cz
Mon Jun 10 09:07:55 UTC 2019 

In the fact, I don't undestand. I have no problem with deleted files, 
and I have 700 on .deleted folder because I don't need to have users be 
able to open deleted folder with deleted files, it is only for me. If 
VFS:recycle is enabled, new created files on share folder (not .deleted 
folder, not deleted files) permission to this folder are limited by mask 
and owner is "root". Without VFS:recycle new created files have owner 
"user" and rights are fine. I tried to put recycle:directory_mode = 777 
to smb.conf, but nothing changed.

on XXX share
getfacl vvv.txt
# file: vvv.txt
# owner: root
# group: users
user::rw-
group::---
group:users:rwx #effective:r--
group:3000002:---
mask::r--
other::---


on original share
# getfacl aaa.txt
# file: aaa.txt
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
user:3000004:rwx
group::rwx
group:users:rwx
group:3000000:rwx
group:3000002:rwx
group:3000004:rwx
mask::rwx
other::---

------ Původní zpráva ------
Od: "Rowland penny via samba" <samba at lists.samba.org>
Komu: "sambalist" <samba at lists.samba.org>
Odesláno: 10.06.2019 10:32:39
Předmět: Re: [Samba] SAMBA AD VFS:Recycle bad permissions

>On 10/06/2019 08:51, Tomáš Havlín wrote:
>>Hello
>>my smb.conf + working and no working ACL share folders
>>
>>[global]
>>netbios name = FENIX
>>realm = PFCZ.INTRA
>>server role = active directory domain controller
>>workgroup = PFCZ
>>idmap_ldb:use rfc2307 = yes
>>dns forwarder = 10.254.254.1
>>
>>unix extensions = no
>>wide links = yes
>>follow symlinks = yes
>>bind interfaces only = yes
>>interfaces = lo eno1
>>max log size = 150000
>>
>>[netlogon]
>>path = /var/lib/samba/sysvol/pfcz.intra/scripts
>>read only = No
>>
>>[sysvol]
>>path = /var/lib/samba/sysvol
>>read only = No
>>
>>[share] - working VFS:recycle, original share
>>     path = /mnt/data1/share
>>     read only = no
>>
>>[XXX] - no working VFS:recycle, testing share
>>     path = /mnt/data1/XXX
>>     read only = no
>>     vfs object = recycle
>>     recycle:repository = .deleted
>>     recycle:keeptree = yes
>>     recycle:touch = yes
>>     recycle:version = yes
>>     recycle:maxsize = 0
>>     recycle:exclude = *.tmp
>>     recycle:exclude_dir = /tmp
>>
>>
>It looks to me that the VFS changes have caused this.
>
>You are using a DC as a fileserver, this isn't recommended for  a start.
>
>On a DC , 'vfs objects = acl_xattr' is set by default, this means that 'inherit acls = yes' is set and you do not have a 'recycle:directory_mode' line, so you will be using the default '0700'. Put this all together and what you are getting is correct, don't ask me why it worked before, but not now. It looks like it was actually wrong before but correct now ;-)
>
>Rowland
>
>
>-- To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list