[Samba] Permission problem with recyclebin
Rowland Penny
rpenny at samba.org
Wed May 25 09:06:15 UTC 2022
On Wed, 2022-05-25 at 10:14 +0200, lists--- via samba wrote:
> Good morning everybody :)
>
> I wanted to set-up a recyclebin on the [public]-folder, but its not
> created and I can see this in the logfile:
>
> [2022/05/25 09:44:26.588219, 1]
> ../../source3/modules/vfs_recycle.c:315(recycle_create_dir)
> recycle_create_dir: recycle: mkdirat failed for .recycle with
> error:
> Keine Berechtigung
>
> smb.conf:
> [global]
> hosts allow = 127. 10.8.0. 10.2.2.0/255.255.255.0
> aaa.bbb.ccc.ddd/255.255.255.0
> dos charset = 850
> unix charset = UTF-8
> store dos attributes = yes
> hide special files = yes
> hide dot files = yes
>
> log file = /var/log/samba/log.%m
> logging = file
> log level = 1
> auth_audit:3@/var/log/samba/samba_auth_audit.log
> max log size = 1000
> printcap name = /dev/null
> realm = %UNIVERSITY%.DE
> security = ADS
> server role = member server
> template homedir = /srv/data/samba/users/%U
> template shell = /bin/bash
> username map = /etc/samba/user.map
> workgroup = %UNIVERSITY%
> idmap config * : backend = autorid
> idmap config * : range = 10000-9999999
> idmap config * : unix_nss_info = yes
> idmap config * : schema_mode = rfc2307
> map acl inherit = Yes
> # vfs objects = acl_xattr
>
> vfs objects = fruit streams_xattr
> fruit:metadata = stream
> fruit:model = MacSamba
> fruit:posix_rename = yes
> fruit:veto_appledouble = no
> fruit:wipe_intentionally_left_blank_rfork = yes
> fruit:delete_empty_adfiles = yes
> fruit:nfs_aces = no
>
> [Demo]
> path = /srv/data/samba/Demo/
> read only = No
>
> [public]
> comment = Public-share
> path = /srv/data/samba/public
> writeable = yes
> browseable = yes
> public = yes
> create mask = 0775
> directory mask = 0775
> root preexec = /batch/mkpublicdir.sh %U
> # Papierkorb/recyclebin:
> vfs objects = recycle full_audit
> recycle:repository = .recyclebin.%u
> recycle:keeptree = Yes
> recycle:touch = Yes
> recycle:versions = Yes
> recycle:maxsize = 0
> recycle:exclude =
> ?~$*,~$*,index*.pl,index*.htm*,*.tmp,*.temp,*.TMP,*.TEMP
> recycle:exclude_dir= /tmp,/temp,/cache
> recycle:noversions = *.doc,*.xls,*.ppt
>
>
> Permissions:
> 10:00 root at R720xd:/var/log/samba# ls -l /srv/data/samba/
> insgesamt 12
> drwxr-xr-x 2 root %UNIVERSITY%\%AD_GROUP% 4096 24. Mai 13:56 Demo
> drwxr-xr-x 3 root %UNIVERSITY%\%AD_GROUP% 4096 25. Mai 09:30 public
> 10:00 root at R720xd:/var/log/samba#
>
> 10:00 root at R720xd:/var/log/samba# ls -al /srv/data/samba/public/
> insgesamt 12
> drwxr-xr-x 3
> root %UNIVERSITY%\%AD_GROUP% 4096
> 25. Mai 08:50 .
> drwxr-xr-x 5
> root root 4096
> 25. Mai 08:50 ..
> drwxrwxrwx 2 %UNIVERSITY%\%AD_USER% %UNIVERSITY%\%AD_GROUP% 4096 25.
> Mai
> 09:15 %AD_USER%
> 10:01 root at R720xd:/var/log/samba#
>
>
> Which user ist used to create the recyclebin when deleting a file or
> directory?
>
>
> Thanks a lot, and have a nice day ;)
> Torsten
You have an interesting share called 'public', it isn't public :-)
It isn't public because, even though you have 'public = yes' set in the
share, you do not have 'map to guest = bad user' set in 'global'
Your permissions problem is probably being caused by you turning off
the default vfs objects in public ('vfs objects = recycle full_audit'
will replace 'vfs objects = fruit streams_xattr')
You also have a couple of invalid 'idmap config' lines:
idmap config * : unix_nss_info = yes
idmap config * : schema_mode = rfc2307
They are not used with the 'autorid' idmap backend.
Rowland
More information about the samba
mailing list