[Samba] Recycle bin and ACL - Samba


  1. [Samba] Recycle bin and ACL

    Hello,

    we are using the vfs module recycle with the following config:

    vfs objects = recycle
    recycle: repository = .Papierkorb
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0777
    recycle: keeptree = Yes
    recycle: exclude = *.tmp, *.temp, *.log, *.ldb
    recycle: exclude_dir = tmp
    recycle:versions = Yes


    The problem is that everybody can see deleted documents in the
    recycle bin.


    But if I set recycle:subdir_mode = 0770 then members of the group
    cannot delete into the recycle bin. This is because we are using ACLs.


    For example, a directory has the following ACL:

    $ getfacl ttt
    # file: ttt
    # owner: root
    # group: Domain\040Admins
    user::rwx
    group::rwx
    group:projekt-rw:rwx
    group:projekt-r:r-x
    mask::rwx
    other::---


    If I delete a file in directory ttt, this directory is created in the recycle bin
    with the following ACLs:

    $ getfacl ttt
    # file: ttt
    # owner: jensenh
    # group: Domain\040Admins
    user::rwx
    group::rwx
    other::---


    As you can see, the ACLs are lost. This means another member of group projekt-rw will
    be unable to delete something into the recycle bin.

    So the only solution is to set directory mode and/or subdir mode to 777. This is far from
    optimal. Does anybody have another solution?


    Regards,

    Henry

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Recycle bin and ACL

    Greeting Henry,

    I haven't used the recycle:directory_mode and recycle:directory_mode
    parameters yet. But try removing these parameters and setting the
    POSIX permission 2770 on the .Papierkorb directory. Afterwards, set the
    ACL permission for the projekt-rw group.

    chmod 2770 .Papierkorb
    chown root:root .Papierkorb

    setfacl -m group:projekt-rw:rwx .Papierkorb
    setfacl -d -m group:projekt-rw:rwx .Papierkorb

    With this, only the owner name will change. The permissions for the group
    will always stay as you wish. And on the share you can set these
    parameters to be sure that everything works correctly:

    force create mode = 660
    directory mode = 770

    Hope that will work!

    Regards,

    Robert

    --
    Cybionet - Solution reseautique
    http://www.cybionet.com
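
The check discussed in this thread, as an added example that is not part of either post: a shell function that reads `getfacl` output and reports whether a recycle directory is world-accessible, whether the project group still has effective write access, and whether a default ACL exists for new subdirectories to inherit. The function name and finding labels are hypothetical; `LOST_ACL` is taken from the output quoted in the first post, and `FIXED_ACL` is a constructed sample of what `.Papierkorb` would show after the commands suggested in the reply.

```shell
#!/bin/sh
# Reads `getfacl` text on stdin; $1 is the group that must keep write access.
# Prints one finding per line; exit status 0 means no findings.
audit_recycle_acl() {
    awk -v grp="$1" '
        /^#/ || NF == 0 { next }             # header comments, blank lines
        {
            split($1, f, ":")                # $1 drops a trailing "#effective:" note
            if (f[1] == "default") { scope = "default"; tag = f[2]; who = f[3]; perm = f[4] }
            else                   { scope = "access";  tag = f[1]; who = f[2]; perm = f[3] }
            if (tag == "group" && who == grp) have[scope] = perm
            if (tag == "mask") mask[scope] = perm
            if (tag == "other" && perm != "---") {   # everybody can browse deleted files
                print "WORLD " scope " other::" perm; bad++
            }
        }
        END {
            # effective rights of a named group are its entry ANDed with the mask
            if (have["access"] !~ /w/ || (("access" in mask) && mask["access"] !~ /w/)) {
                print "NOWRITE group:" grp; bad++
            }
            if (!("default" in have)) { print "NOINHERIT default:group:" grp; bad++ }
            exit (bad > 0)
        }'
}

# From the thread: ttt as it was re-created inside the repository.
LOST_ACL='# file: ttt
# owner: jensenh
user::rwx
group::rwx
other::---'

# Constructed sample: .Papierkorb after chmod 2770 and the two setfacl commands.
FIXED_ACL='# file: .Papierkorb
# flags: -s-
user::rwx
group::rwx
group:projekt-rw:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:projekt-rw:rwx
default:mask::rwx
default:other::---'

for acl in "$LOST_ACL" "$FIXED_ACL"; do
    printf '%s\n' "$acl" | audit_recycle_acl projekt-rw || echo "-> findings above"
done
```

On a live server the input would come from `getfacl .Papierkorb | audit_recycle_acl projekt-rw`, run before tightening `recycle:directory_mode` and `recycle:subdir_mode`.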



