Recycle Bin (vfs recycle) for SMB Shares


dlandon

Recommended Posts

make sure not to completely remove the smb-extra if you are using unassigned devices plugin - there are includes in there for it

 

Myk

 

The toggle switch on unassigned_devices controls the entry of the include in the smb-extra.conf.  You may have to reset the toggles for those shares.

Link to comment

would prefer a include in the smb-extra file for recycle bin stuff - old plugin did this and the new one does as well

 

include = /etc/samba/unassigned-shares/appdisk.conf
include = /etc/samba/unassigned-shares/appdisk2.conf#vfs_recycle_start

 

note the end of the 2nd include line...

 

Myk

 

There is a problem with vfs recycle and its handling of the smb-extra.conf when unassigned devices is also installed.  The line:

 

include = /etc/samba/unassigned-shares/appdisk2.conf#vfs_recycle_start

 

Should be:

 

include = /etc/samba/unassigned-shares/appdisk2.conf
#vfs_recycle_start

 

When vfs recycle is disabled it is taking out the unassigned devices "include..." line and the unassigned devices share is disabled because it removes the complete line instead of from the #vfs... which is the marker for the beginning of the vfs recycle code in the smb-extra.conf file.

 

I have a fix but I need to check it when I'm not so tired.

Link to comment

Like

 

include = /etc/samba/vfs_recycle/vfs.conf

 

Which is copied from the plugin dir.  So if pols need something custom the can mod the plugin very and it gets copied over (like removing the . )

 

Also the empty script must figure out the direction from the conference because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine.

 

Thanks

Myk

Link to comment

[quote name="MyKroFt" post="407288" timestamp="1441596193"]
Like

Include = /etc/samba/vfs_recycle/vfs.conf

 

Which is copied from the plugin dir.  So if pols need something custom the can mod the plugin very and it gets copied over (like removing the . )

 

Also the empty script must figure out the direction from the conference because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine.

 

Thanks

Myk

Link to comment

Like

 

include = /etc/samba/vfs_recycle/vfs.conf

 

Which is copied from the plugin dir.  So if ppls need something custom thy can mod the plugin conf  and it gets copied over (like removing the . )

 

Also the empty script must figure out the direction from the conference because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine.

 

Thanks

Myk

Link to comment

Like

 

include = /etc/samba/vfs_recycle/vfs.conf

 

Which is copied from the plugin dir.  So if pols need something custom the can mod the plugin very and it gets copied over (like removing the . )

 

Also the empty script must figure out the directory from the conf file because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine.

 

Thanks

Myk

Link to comment

Better option would include the RB conf from its plugin direcrory like unassigned does.  Anything extra in the smb-extra gets clobbered like I posted no matter what is in it

 

The part that vfs recycle inserts into the smb-extra.conf is from a file that is on the flash drive at /boot/config/plugins/vfs_recycle/config/smb-extra.conf.  If you feel that you need to make your own customizations, you can make them there and they are copied into the /boot/config/smb-extra.conf.

 

You can't rename the .Recycle.Bin file name in this file and expect the plugin to work.  The .Recycle.Bin name is hard coded into the plugin rc.vfs_plg script that handles the start, stop, etc operations and the webgui php.

 

I did some research and found this at the samba website:

A directory called .recycle will be automatically created when the first file is deleted and recycle:repository is not configured.

 

It seems that the default file for the vfs recycle bin is a dot file.  The reason for that is that the file would be hidden to casual browsing.  In the case of unRAID, I don't know why we can browse to that hidden folder, but we technically shouldn't be able to.  The folder should be hidden but still accessible by the path //tower/.Recycle.Bin.

 

I think on unRAID the .Recycle.Bin folder should not show when browsing.  I would prefer it to be hidden so it does not show up to the casual browser on the network.

 

Right now I have some security concerns.  If a file is deleted by a spefific user, can other users see the files in the .Recycle.bin folder and potentially recover them without having the original user permissions?  I think yes and this concerns me.

 

I am going to post to LT and get some answers on the recycle bin share and the default permissions.  I want to end up with the recycle bin operation as it is but be sure access to the recycle bin is not public.

Link to comment

Also here some sample setup for secure or private share settings:

 

 

[disk4]

        path = /mnt/disk4

        comment =

        browseable = no

        # Private

        writeable = no

        read list =

        write list = adminuser

        valid users =  adminuser

[cache]

        path = /mnt/cache

        comment =

        browseable = yes

        # Public

        public = yes

        writeable = yes

[Anime]

        path = /mnt/user/Anime

        comment = Anime Movies and Shows

        browseable = yes

        # Secure

        public = yes

        writeable = no

        write list = adminuser,htpcuser

Link to comment

The ability to "hide" dotted files is a new feature which you can supposedly turn on or off under SMB Settings, which is off by default (i.e., don't hide). I just turned it on but I can still see RecycleBin. Windows has always shown it to me without the dots, I assume because that is how that section is named in smb-extra.

 

I tried logging out and back in to Windows but it still shows. Don't know if that's Windows fault or not. I also browsed to it using my wife's account on the PC, and that user has never seen it so I don't know if Windows is caching it across all users or what, but I can't get it to "hide" using the SMB Setting.

 

I see while I was typing BRiT added some ideas about hiding it, which I will use with another custom mount point I have. Thanks

Link to comment

@dlandon to make it so no one can read or write to it, try setting it up as a private share but list no users that can read, write, or are valid. To specify a group use the "@" symbol as a prefix.

 

        # Private
        writeable = no
        read list =
        write list = 
        valid users =

 

Excerpt From here: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html

User-Based Protection

 

If you want to restrict access to your server to valid users only, then the following method may be of use. In the smb.conf [global] section put:

valid users = @smbusers, jacko

 

This restricts all server access either to the user jacko or to members of the system group smbusers.

 

Here's more reading material on Samba users and shares: https://www.samba.org/samba/docs/using_samba/ch09.html

 

Link to comment

The plugin appears to by wiping out some other smb-extra.conf settings I had. Does it create the file from scratch, or does it append onto what's already there?

 

It's supposed to append what is there, but there is a bug causing it to wipe out the settings.  I have a fix.  I am working on security settings and then I'll release a new version.

Link to comment

I've just issued an update to the plugin that fixes several things and I've added more control over the Recycle Bin.

 

The problem with botching up entries in the smb-extra.conf file should be fixed.

 

I also added two new items to the webgui that give more control over the Recycle Bin.

  • You can now select whether or not the Recycle Bin is browseable.
  • You can modify the .Recycle.Bin parameters for more control over the Recycle Bin file structure.

 

You will have to uninstall the previous version of the plugin for the new settings to work properly.  The Recycle Bin will be emptied when you remove the plugin.

Link to comment

Appears to be working for me. One oddity I noticed though. When I delete a file from my flash share, it creates the directory structure for it, but no file. Deleting from my normal user shares works as expected. Maybe something to do with the /boot path vs the /mnt path. Not worth worrying about if you don't see an obvious fix.

Link to comment

Appears to be working for me. One oddity I noticed though. When I delete a file from my flash share, it creates the directory structure for it, but no file. Deleting from my normal user shares works as expected. Maybe something to do with the /boot path vs the /mnt path. Not worth worrying about if you don't see an obvious fix.

 

I see the same thing.  I believe that is beyond my control because it is handled by vfs recycle.

Link to comment

@dlandon if you want to add even more features, there are options for min and max filesizes. ;D

https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2651247

 

recycle:minsize = BYTES

    Files that are smaller than the number of bytes specified by this parameter will not be put into the repository.

 

recycle:maxsize = BYTES

    Files that are larger than the number of bytes specified by this parameter will not be put into the repository.

Link to comment

@dlandon if you want to add even more features, there are options for min and max filesizes. ;D

https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2651247

 

recycle:minsize = BYTES

    Files that are smaller than the number of bytes specified by this parameter will not be put into the repository.

 

recycle:maxsize = BYTES

    Files that are larger than the number of bytes specified by this parameter will not be put into the repository.

 

I'll ponder that.  I've already added additional security options:

  • Recycle Bin browseable or hidden.
  • Read only/Read Write.
  • Additional users allowed access besides 'admin'.

 

I'm preparing another release for this evening.

 

I think for the moment I will wrap it up and revisit it another time.

Link to comment

I've just released an update that adds more security control over the Recycle Bin.  I've added a switch to set the Recycle Bin as read only or read/write  Now you can add additional Users to allow them access..  The 'admin' User always has access.

 

You will have to remove the plugin and re-install it for the new settings to work properly.

 

There is a user that posted on the V6.1.1 release post that the vfs recycle plugin created a "Documento" user share and it hosed up his server.  Has anyone else had this experience?

Link to comment

Yes, but he is convinced the vfs recycle plugin is what did it.  I have unassigned devices on my test server and had the issue there with unassigned devices adding the Documentos share, but I don't see how the vfs recycle plugin could do anything to bring that in.  The vfs recycle doesn't do anything with any shares.

 

He says he has never had unassigned devices installed.  Strange.

Link to comment
  • dlandon changed the title to Recycle Bin (vfs recycle) for SMB Shares

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.