Project

General

Profile

Bug #73891

set appropriate permissions on .recycle directory

Added by Caleb St. John 13 days ago. Updated 9 days ago.

Status:
Done
Priority:
No priority
Assignee:
Andrew Walker
Category:
Services
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
HUY-748-54659
Hardware Configuration:
ChangeLog Required:
No

Description

We have a TrueNAS customer that has enabled the recycle bin functionality in Samba. They are getting hammered with error messages like similar.

[2019/01/21 12:05:46.738270, 1] ../source3/modules/vfs_recycle.c:311(recycle_create_dir)
recycle: mkdir failed for .recycle/jwheat with error: Permission denied

After discussion with Andrew Walker, an idea arose to fix this by doing the following.

1. if recycle bin is enabled
2. on connect, samba will "become root" and create the user directory underneath the .recycle directory
3. after creation, samba will chown that user directory to the ad user on connect

This will get around the permissions errors related to the .recycle directory that this customer is experiencing.


Related issues

Copied to FreeNAS - Bug #74262: set appropriate permissions on .recycle directoryIn Progress

History

#1 Updated by Bug Clerk 12 days ago

  • Status changed from Unscreened to In Progress

#2 Updated by Andrew Walker 12 days ago

When the ZFS aclmode property is set to "restricted" on a dataset and extended ACL entries exist on a file, then chmod() is denied. This breaks user expectations because samba fails to set the posix mode of the recycle repository. So we need to strip extended ACL entries when we create the initial ".recycle" directory, and thereby allow vfs_recycle to work as intended. (.recycle permissions controlled by "recycle:directory_mode = MODE" and subdirectory permissions controlled by "recycle:subdir_mode = MODE".

Change introduced will not affect existing consumers of the vfs_recycle module (we are not resetting permissions on existing .recycle directories / subdirectories).

Original semi-broken behavior can be restored by adding the auxiliary parameter: "recycle:preserveacl=Yes".

Steps to test:
1) create share with recycle checkbox checked (enabled).
2) create a test file and delete it via an SMB client.

#3 Updated by Bug Clerk 12 days ago

  • Status changed from In Progress to Ready for Testing

#4 Updated by Bug Clerk 12 days ago

  • Target version changed from Backlog to 11.3

#5 Updated by Bug Clerk 12 days ago

  • Copied to Bug #74262: set appropriate permissions on .recycle directory added

#6 Updated by Dru Lavigne 9 days ago

  • Status changed from Ready for Testing to Done
  • Target version changed from 11.3 to Master - FreeNAS Nightlies
  • Needs QA changed from Yes to No
  • Needs Merging changed from Yes to No

#8 Updated by Dru Lavigne 9 days ago

  • Private changed from Yes to No

Also available in: Atom PDF