set appropriate permissions on .recycle directory
We have a TrueNAS customer that has enabled the recycle bin functionality in Samba. They are getting hammered with error messages like similar.
[2019/01/21 12:05:46.738270, 1] ../source3/modules/vfs_recycle.c:311(recycle_create_dir) recycle: mkdir failed for .recycle/jwheat with error: Permission denied
After discussion with Andrew Walker, an idea arose to fix this by doing the following.
1. if recycle bin is enabled
2. on connect, samba will "become root" and create the user directory underneath the .recycle directory
3. after creation, samba will chown that user directory to the ad user on connect
This will get around the permissions errors related to the .recycle directory that this customer is experiencing.
#2 Updated by Andrew Walker over 1 year ago
When the ZFS aclmode property is set to "restricted" on a dataset and extended ACL entries exist on a file, then chmod() is denied. This breaks user expectations because samba fails to set the posix mode of the recycle repository. So we need to strip extended ACL entries when we create the initial ".recycle" directory, and thereby allow vfs_recycle to work as intended. (.recycle permissions controlled by "recycle:directory_mode = MODE" and subdirectory permissions controlled by "recycle:subdir_mode = MODE".
Change introduced will not affect existing consumers of the vfs_recycle module (we are not resetting permissions on existing .recycle directories / subdirectories).
Original semi-broken behavior can be restored by adding the auxiliary parameter: "recycle:preserveacl=Yes".
Steps to test:
1) create share with recycle checkbox checked (enabled).
2) create a test file and delete it via an SMB client.