NS7 AD Recycle Bin

Hi everybody,
I have a question - how to prevent a regular domain user from accessing the Recycle Bin folder?
Does it need to be set up via GPO?

I didn’t find a way to set specific permissions for the recycle bin in samba docs. I think it’s intended to work in a way for users to get back their deleted files themselves.

In /etc/e-smith/templates/etc/samba/smb.conf/ibay-default/01vfs_recycle you find the settings for the recycle bin. You need to create a custom template from it and adjust it to your needs.

As a workaround you may hide the directory by changing the samba config to create “.recycle” instead of “Recycle Bin”.

repository => ".recycle"

Or maybe change permission for existing recycle bin directories with a cron script?


@mrmarkuz

AFAIK, Synology uses something similar, but when setting the share, there is the option to allow “Admin only”, or “Allowed Users” (Those allowed on the share).

Maybe I’ll check what options are set in the Synology. Samba is Samba, just the Version may be different…

We should be able to replicate this in NethServer.
:slight_smile:

Bingo:

Edit Template, test, document… :slight_smile:

My 2 cents
Andy


Hm, it didn’t work in my tests and I can’t find these parameters in the samba docs. Do you know which version is used on synology?

Maybe they use a kind of config wrapper and just set permissions for the recycle folder when setting up the share or they grab the audit log or they work with snapshots… :thinking:

@des
It works to use an absolute path too, so you could put deleted files in a directory outside the share, for instance /var/lib/nethserver/recycled.

Just create the directory and make it accessible for the users.

Edit the custom template as described here:

repository => "/var/lib/nethserver/recycled"

You may separate by user or machine or whatever with variables, for example have user directories where the deleted files will be stored:

repository => "/var/lib/nethserver/recycled/%U"

Additionally you could add a custom template to share /var/lib/nethserver/recycled with network permissions that only allow admins.

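The layout suggested in the post above, written out as the smb.conf settings it would render to. This is an added example, not from the thread or from NethServer's templates; the share names, the ibay path and the admin group are assumptions.

```ini
# Constructed smb.conf fragment for illustration.
# [projects], [recycled], the ibay path and EXAMPLE\Domain Admins are
# placeholders, not values taken from the thread.

[projects]
    path = /var/lib/nethserver/ibay/projects
    vfs objects = recycle

    # Relative repository: the folder is created inside the share, so
    # every user who can browse the share can browse the deleted files.
    # recycle:repository = Recycle Bin

    # Absolute repository outside the share, one subdirectory per
    # connected user (%U), so nothing shows up in the share itself.
    recycle:repository = /var/lib/nethserver/recycled/%U

    # Mode used when vfs_recycle creates the repository directory on the
    # first delete; 0700 keeps each user's deleted files private.
    recycle:directory_mode = 0700

    # Keep the original directory tree and keep older copies of files
    # that are deleted more than once under the same name.
    recycle:keeptree = yes
    recycle:versions = yes

[recycled]
    # Separate share over the whole repository, limited to admins.
    path = /var/lib/nethserver/recycled
    browseable = no
    read only = yes
    valid users = @"EXAMPLE\Domain Admins"
```

Run `testparm -s` after regenerating the configuration to confirm that the share definitions parse as intended.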

@mrmarkuz

Hi

It seems, if you look a little lower in the config file, there are some “special”, non-standard samba directives.
eg:

edit synoacl=yes

And this is only “part” of the Samba config. The main part is called smb.conf, the shown screenshot is from smb.share.conf, where all share-specific stuff goes to.

I think they (Synology) use a highly tweaked config, in order to accommodate several Synology specific “features”, like:

  • Synology BtrFS (They are almost alone in using that, although I’ll admit it works well so far - several years).
  • Synology AD
  • Synology Samba

We don’t need to reverse engineer what Synology does, we just need to do it better and more transparently!

But your solution works well enough…

The Trash can will not get saved in a backup there, if I’m correct?

My 2 cents
Andy

/var/lib/nethserver is included by default:


EDIT:

Maybe we could use LVM snapshots and shadow copy?

https://wiki.samba.org/index.php/Rotating_LVM_snapshots_for_shadow_copy
