[Samba] confirm deletion - possible?
Rowland penny
rpenny at samba.org
Tue Jan 26 17:01:01 UTC 2021
On 26/01/2021 16:43, Stefan G. Weichinger via samba wrote:
> Am 26.01.21 um 13:16 schrieb Rowland penny via samba:
>> On 26/01/2021 12:03, Stefan G. Weichinger via samba wrote:
>>> I get feedback that the "power user" (userC in example below) isn't
>>> able to access all the deleted files of the other users.
>>>
>>> And something about 0 bytes files in there ....
>>
>> We had this recently, it is the way that Windows rename etc works, it
>> creates a NULL file then deletes it as part of the process.
>
> I haven't yet checked his mail in detail, but it sounds *wrong* to me?
>
> Does Windows fail here?
>
>>> userC is member of UNIX group "users"
>> If Windows is involved, then forget 'users' use 'Domain Users' (which
>> 'users' is a member of) instead.
>
> But it isn't a Domain Member or DC ... that's why I assumed ...
>
> And I also forced group users (for years now ... I think that server
> started in the days of samba-3.x).
Sorry, this thread has been going on so long, I forgot that 😅
>
>>> I assume I could/should get rid of stuff like "create mask" ? That
>>> is historical stuff from years ago, never touched because "works".
This is one of the failings of a standalone server in a Windows domain,
the users on the standalone server are not domain users, even if they
have the same names. There is no way I personally would use a standalone
server (which is akin to using a Windows Home edition) in a domain.
>>
>>
>> If Windows is involved, I would remove a lot of lines from the share
>> and then set the permissions from Windows.
>
> I see and agree.
>
> So it seems like: switch over to Windows ACLs first, then apply new
> permissions, test vfs_recycle after that.
I would add 'join the domain' in amongst all that 😁
Rowland
>
> Right?
>
> thanks @Rowland
>
More information about the samba
mailing list