On 26/01/2021 12:03, Stefan G. Weichinger via samba wrote:> Am 22.01.21 um 10:25 schrieb Stefan G. Weichinger via samba: >> Am 21.01.21 um 11:01 schrieb Stefan G. Weichinger via samba: >> >>> I now follow a howto I found: >>> >>> https://dr-luthardt.de/linux.htm?tip=smbtrash >>> >>> the idea is: >>> >>> * hide .Trash via "veto files" >>> * share .Trash for a defined list of "valid users" as separate share >>> >>> looks promising, I wait for the user there to test my first draft >> >> To give feedback: >> >> they are happy for now with this approach. > > ... until now. > > I get feedback that the "power user" (userC in example below) isn't > able to access all the deleted files of the other users. > > And something about 0 bytes files in there ....We had this recently, it is the way that Windows rename etc works, it creates a NULL file then deletes it as part of the process.> > > userC is member of UNIX group "users"If Windows is involved, then forget 'users' use 'Domain Users' (which 'users' is a member of) instead.> > --- > > I assume I could/should get rid of stuff like "create mask" ? That is > historical stuff from years ago, never touched because "works".If Windows is involved, I would remove a lot of lines from the share and then set the permissions from Windows. Rowland
Am 26.01.21 um 13:16 schrieb Rowland penny via samba:> On 26/01/2021 12:03, Stefan G. Weichinger via samba wrote: >> I get feedback that the "power user" (userC in example below) isn't >> able to access all the deleted files of the other users. >> >> And something about 0 bytes files in there .... > > We had this recently, it is the way that Windows rename etc works, it > creates a NULL file then deletes it as part of the process.I haven't yet checked his mail in detail, but it sounds *wrong* to me? Does Windows fail here?>> userC is member of UNIX group "users" > If Windows is involved, then forget 'users' use 'Domain Users' (which > 'users' is a member of) instead.But it isn't a Domain Member or DC ... that's why I assumed ... And I also forced group users (for years now ... I think that server started in the days of samba-3.x).>> I assume I could/should get rid of stuff like "create mask" ? That is >> historical stuff from years ago, never touched because "works". > > > If Windows is involved, I would remove a lot of lines from the share and > then set the permissions from Windows.I see and agree. So it seems like: switch over to Windows ACLs first, then apply new permissions, test vfs_recycle after that. Right? thanks @Rowland