[Samba] Permission problem with recyclebin

lists at zxt10d.de lists at zxt10d.de
Wed May 25 10:04:12 UTC 2022 

Am 25.05.2022 um 11:06 schrieb Rowland Penny via samba:
> On Wed, 2022-05-25 at 10:14 +0200, lists--- via samba wrote:
>> Good morning everybody :)
>>
>> I wanted to set-up a recyclebin on the [public]-folder, but its not
>> created and I can see this in the logfile:
>>
>> [2022/05/25 09:44:26.588219,  1]
>> ../../source3/modules/vfs_recycle.c:315(recycle_create_dir)
>>     recycle_create_dir: recycle: mkdirat failed for .recycle with
>> error:
>> Keine Berechtigung
>>
>> smb.conf:
>> [global]
>>           hosts allow = 127. 10.8.0. 10.2.2.0/255.255.255.0
>> aaa.bbb.ccc.ddd/255.255.255.0
>>           dos charset = 850
>>           unix charset = UTF-8
>>           store dos attributes = yes
>>           hide special files = yes
>>           hide dot files = yes
>>
>>           log file = /var/log/samba/log.%m
>>           logging = file
>>           log level = 1
>> auth_audit:3@/var/log/samba/samba_auth_audit.log
>>           max log size = 1000
>>           printcap name = /dev/null
>>           realm = %UNIVERSITY%.DE
>>           security = ADS
>>           server role = member server
>>           template homedir = /srv/data/samba/users/%U
>>           template shell = /bin/bash
>>           username map = /etc/samba/user.map
>>           workgroup = %UNIVERSITY%
>>           idmap config * : backend = autorid
>>           idmap config * : range = 10000-9999999
>>           idmap config * : unix_nss_info = yes
>>           idmap config * : schema_mode = rfc2307
>>           map acl inherit = Yes
>> #        vfs objects = acl_xattr
>>
>>           vfs objects = fruit streams_xattr
>>           fruit:metadata = stream
>>           fruit:model = MacSamba
>>           fruit:posix_rename = yes
>>           fruit:veto_appledouble = no
>>           fruit:wipe_intentionally_left_blank_rfork = yes
>>           fruit:delete_empty_adfiles = yes
>>           fruit:nfs_aces = no
>>
>> [Demo]
>>           path = /srv/data/samba/Demo/
>>           read only = No
>>
>> [public]
>> comment = Public-share
>> path = /srv/data/samba/public
>> writeable = yes
>> browseable = yes
>> public = yes
>> create mask = 0775
>> directory mask = 0775
>> root preexec = /batch/mkpublicdir.sh %U
>> # Papierkorb/recyclebin:
>> vfs objects = recycle full_audit
>> recycle:repository = .recyclebin.%u
>> recycle:keeptree = Yes
>> recycle:touch = Yes
>> recycle:versions = Yes
>> recycle:maxsize = 0
>> recycle:exclude =
>> ?~$*,~$*,index*.pl,index*.htm*,*.tmp,*.temp,*.TMP,*.TEMP
>> recycle:exclude_dir= /tmp,/temp,/cache
>> recycle:noversions = *.doc,*.xls,*.ppt
>>
>>
>> Permissions:
>> 10:00 root at R720xd:/var/log/samba# ls -l /srv/data/samba/
>> insgesamt 12
>> drwxr-xr-x 2 root %UNIVERSITY%\%AD_GROUP% 4096 24. Mai 13:56 Demo
>> drwxr-xr-x 3 root %UNIVERSITY%\%AD_GROUP% 4096 25. Mai 09:30 public
>> 10:00 root at R720xd:/var/log/samba#
>>
>> 10:00 root at R720xd:/var/log/samba# ls -al /srv/data/samba/public/
>> insgesamt 12
>> drwxr-xr-x 3
>> root                     %UNIVERSITY%\%AD_GROUP%      4096
>> 25. Mai 08:50 .
>> drwxr-xr-x 5
>> root                     root                         4096
>> 25. Mai 08:50 ..
>> drwxrwxrwx 2 %UNIVERSITY%\%AD_USER% %UNIVERSITY%\%AD_GROUP% 4096 25.
>> Mai
>> 09:15 %AD_USER%
>> 10:01 root at R720xd:/var/log/samba#
>>
>>
>> Which user ist used to create the recyclebin when deleting a file or
>> directory?
>>
>>
>> Thanks a lot, and have a nice day ;)
>> Torsten
> 
> You have an interesting share called 'public', it isn't public :-)
> It isn't public because, even though you have 'public = yes' set in the
> share, you do not have 'map to guest = bad user' set in 'global'
> 
> Your permissions problem is probably being caused by you turning off
> the default vfs objects in public ('vfs objects = recycle full_audit'
> will replace 'vfs objects = fruit streams_xattr')
> 
> You also have a couple of invalid 'idmap config' lines:
>           idmap config * : unix_nss_info = yes
>           idmap config * : schema_mode = rfc2307
> 
> They are not used with the 'autorid' idmap backend.
> 
> Rowland

Hi Rowland,

[x] added "map to guest = bad user" to [global]-section
[x] removed "idmap config * : unix_nss_info = yes"
[x] removed "idmap config * : schema_mode = rfc2307"
[x] removed the whole "fruit"-stuff
[x] removed "vfs objects = acl_xattr" from [global]-section
[x] changed "vfs objects = recycle full_audit" to "vfs objects = recycle 
full_audit acl_xattr" in [public]-section
[x] run "smbcontrol all reload-config"
After reconnecting to public-share, creating/deleting a file/directory I 
got the same error-message.

But I was able to solve it ... permissions for /srv/data/samba/public 
were wrong, as the .recyclebin-directory and/or 
.recyclebin/%user%-directory is created with the %user%-permissions - I 
thought that folder(s) would be created as root.
So I created a /srv/data/samba/public/.recyclebin-directory, did a chmod 
to 0777, and its useable.

Cheers,
Torsten

Thanks a lot for your hints!

More information about the samba mailing list