Limit Access to Recycle Bin

NethServer Version: 8
Module: Samba

Hi everyone!

I’m using the recycle bin option, but I noticed that the user has full access to the recycle bin.

I would like to limit this access and grant full access only to Administrators.

My environment:

  • Server name: fileserver
  • Each share has a group. Example:
    Share: Marketing
    Access Group: GS_MARKETING
  • I use RSAT to add GPOs and permissions for shared folders.

Attempts:

  • I removed the GS_MARKETING group from the \\fileserver\Marketing\.recycle folder
  • But when deleting a file or folder from a user in the GS_MARKETING group, the Network Server creates a folder inside .recycle with the user’s name, and this folder has local access.

The user cannot access \\fileserver\Marketing\.recycle, but can access it by entering \\fileserver\Marketing\.recycle\username.

Best Regards,

This is the way the Samba recycle bin works by default, see https://www.samba.org/samba/docs/current/man-html/vfs_recycle.8.html

You could try to change the directory_mode via the include.conf file so nobody except Administrator has access; see also "AD LDAP binding error (strong authentification required) - #4 by davidep" for how to customize include.conf.

Another idea is to put the recycled files on another share where only Domain Admins have access.

In this example, testshare1 is the share that the user has access to and testshare2 is only accessible by Domain Admins. To set the recycle bin location for testshare1 to testshare2/<Sharename>/<Username>:

net conf setparm testshare1 recycle:repository /srv/shares/testshare2/Recycle/%S/%U

Thanks so much for your feedback!

I’ll run the test and get back to you on this topic.


Hi everyone! Sorry for the delay.

I used the command above, but the user could still access the folder if they typed //server/recycle/share/username, or they could delete a file using cmd.

I created a Recycle folder inside the samba-dc container, in /srv/shares/Recycle/sharename, added the drwxrwxr-x root users permissions, and ran net conf to change the recycle bin directory.

The Recycle Bin is working as I wanted. The user doesn’t have access; only those with server access can restore the files.

Thank you for your help @mrmarkuz .

I’ll leave the commands I used in case you need them.

  1. Enter the Container
    runagent -m samba podman exec -ti samba-dc bash

  2. Create the Recycle folder in /srv/shares, and then create folders named after the shares (e.g., sharename1).

  3. Assign recursive permissions to the Recycle folder.
    chown -R root:users /srv/shares/Recycle
    chmod -R 775 /srv/shares/Recycle

  4. Change the Recycle Bin directory using net conf, as mentioned by @mrmarkuz.
    net conf setparm sharename1 recycle:repository /srv/shares/Recycle/sharename1

  5. Exit and restart the container.
    runagent -m samba2 podman restart samba-dc

Note: When using variables like %S or %U in net conf, I received an error when trying to access the shares through NethServer (https://server/cluster-admin/#/apps/samba2?page=shares). The shares were not being displayed. When I removed the variables, the error disappeared, so I didn’t use variables.

Edit: The drwxrwxr-x root users permissions must be set for each new directory created in /srv/shares/Recycle.
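
A check for the point in the Edit above, that every new directory under /srv/shares/Recycle needs the same owner, group and mode. This is an added example, not part of the original posts: the function name audit_recycle and its output format are assumptions, and it assumes GNU find and stat are available where it is run.

```shell
#!/bin/sh
# Added example: list directories in a recycle repository whose mode, owner
# or group differ from the expected values (defaults taken from the post:
# mode 775, owner root, group users).
#
# audit_recycle ROOT [MODE] [OWNER] [GROUP]
#   prints one line per deviating directory: mode|owner|group|path
#   status 0 = all directories match, 1 = drift found, 2 = ROOT missing
audit_recycle() (
    root=$1
    WANT="${2:-775}|${3:-root}|${4:-users}"
    export WANT

    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }

    # GNU stat format: %a octal mode, %U owner, %G group, %n path.
    # The expected triple is passed through the environment so awk does
    # not interpret backslashes in names such as DOMAIN\group.
    drift=$(find "$root" -type d -exec stat -c '%a|%U|%G|%n' {} + |
        awk -F'|' '($1 "|" $2 "|" $3) != ENVIRON["WANT"]')

    [ -z "$drift" ] && exit 0
    printf '%s\n' "$drift"
    exit 1
)

# When arguments are given, run the audit directly, for example:
#   sh audit_recycle.sh /srv/shares/Recycle 775 root users
if [ "$#" -gt 0 ]; then
    audit_recycle "$@"
fi
```

Any line it prints is a directory that was created after the chown/chmod in step 3 and still needs those permissions applied.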