Samba recycle bin per user

sambasamba4

I am looking to solve my issue with Samba recycle bin..

I have users a1, a2, and a3, they all belong to group companya.

A samba server with the following configuration.

[global]
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000

# for syslog logging the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = no
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
   passwd program = /usr/bin/passwd %u


[Company-A]
   comment = Company A Files
   path = /samba/share/companya
   guest ok = no
   browseable = yes
   create mask = 0775
   directory mask = 0775
   writable = yes
   valid users = +companya
   vfs object = recycle:recycle full_audit:audit
   recycle:repository = .trash/%U
   recycle:maxsize = 0
   recycle:versions = Yes
   recycle:keeptree = Yes
   recycle:touch = No
   recycle:directory_mode = 0775

My issue is that I end up with the following after user a2 deletes his first file.

Share – Trash Viewable:

Trash – Users Recycling Folder View:

However when user a1 deletes a file… user a1's trash does not appear.
Has anyone come across this before?

It seems like only the person who first deletes a first deletes a file gets a recycle bin.

I need to get each user their own folder without having to manually create them.

Best Answer

It may not be a perfect solution, however I noticed that the .trash folder was created by user a2 with a primary group of NOT companya but a2 with the permissions rwxrwxr-x which means that a1 (an everybody) does not have permissions to create his trash bin label ./trash/a1.

rwxrwxr-x  a2  a2  -->  .trash/

therefore changing the share configuration to the following:

[Company-A]
   comment = Company A Files
   path = /samba/share/companya
   guest ok = no
   browseable = yes
   create mask = 0777
   directory mask = 0777
   writable = yes
   valid users = +companya
   vfs object = recycle:recycle full_audit:audit
   recycle:repository = .trash/%U
   recycle:maxsize = 0
   recycle:versions = Yes
   recycle:keeptree = Yes
   recycle:touch = No
   recycle:directory_mode = 0704

allows the .trash bin to be created with rwxrwxrwx allowing access to other users to write their trash bins retaining the ability to read others trash bins.

Related Solutions

Samba Permissions – I’m going to throw it!

This might help. I do something similar, but only one share is open to the group's users. Other shares are read-only except for a single maintainer user. The [global] section of my smb.conf is almost identical to yours, except I don't use the force create/directory mode directives (in my case, they'd interfere with the other shares).

Here's the share definition:

[shared stuff]
        comment = blah, blah, etc
        path = /path/to/share
        write list = @sambagroup
        force group = +sambagroup
        read only = yes
        directory mask = 0775
        create mask = 0664
        guest ok = yes
        invalid users = root
        case sensitive = True
        default case = lower
        preserve case = yes
        short preserve case = yes

The important stuff here are these:

read only = yes -- by default, read only.
guest ok = yes -- guests can browse.
write list = @sambagroup -- Authenticated members of sambagroup can write.
force group = +sambagroup -- The + means that the force only applies to existing members of sambagroup. They're already the only ones who can write. I think, without the +, guest is given sambagroup credentials, which is not wanted (particularly with the write list directive above).
directory mask = 0775
create mask = 0664

These do exactly what you want yours to do: "drwxrwxr-x" on directories, "rwxrwxr-x" on files, and newly created files are owned by the user and sambagroup. The maintainers of the other shares get the same permissions as everyone else when working in shared stuff, and permissions & groups are normal when they work in the other shares.

My smb.conf has been working with only minor tweaks through several different versions of Samba, and currently is used with Samba 3.2.5. I never had it running on Ubuntu 8.04, but it ran on Ubuntu 7.04 for a long time before getting migrated to a recent Debian Lenny install.

Ubuntu – Can Samba “security = user” be used for guest share without Windows login prompt

From http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html?spref=tw

In a nutshell you need:

A username map file.
A valid 'nix "guest" user mapped to the Windows guest account ("nobody" in most distros).
Proper smb.conf configuration.

In this example our username map file is /etc/samba/smbusers. It maps a 'nix user to a Windows user.

In /etc/samba/smbusers (many distros include this file, but with the default commented out):

nobody = guest

In /etc/samba/smb.conf:

[global]
   ...
   security = user
   Map to guest = Bad User
   username map = /etc/samba/smbusers
   ...
-- no 'valid users =' line --

[theshare]
   ...
   guest ok = yes
-- no 'valid users =' line --

Best Answer

Related Solutions

Samba Permissions – I’m going to throw it!

Ubuntu – Can Samba “security = user” be used for guest share without Windows login prompt

Related Topic