dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 make sure not to completely remove the smb-extra if you are using unassigned devices plugin - there are includes in there for it Myk The toggle switch on unassigned_devices controls the entry of the include in the smb-extra.conf. You may have to reset the toggles for those shares. Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 would prefer a include in the smb-extra file for recycle bin stuff - old plugin did this and the new one does as well include = /etc/samba/unassigned-shares/appdisk.conf include = /etc/samba/unassigned-shares/appdisk2.conf#vfs_recycle_start note the end of the 2nd include line... Myk There is a problem with vfs recycle and its handling of the smb-extra.conf when unassigned devices is also installed. The line: include = /etc/samba/unassigned-shares/appdisk2.conf#vfs_recycle_start Should be: include = /etc/samba/unassigned-shares/appdisk2.conf #vfs_recycle_start When vfs recycle is disabled it is taking out the unassigned devices "include..." line and the unassigned devices share is disabled because it removes the complete line instead of from the #vfs... which is the marker for the beginning of the vfs recycle code in the smb-extra.conf file. I have a fix but I need to check it when I'm not so tired. Quote Link to comment
MyKroFt Posted September 7, 2015 Share Posted September 7, 2015 Better option would include the RB conf from its plugin direcrory like unassigned does. Anything extra in the smb-extra gets clobbered like I posted no matter what is in it Quote Link to comment
MyKroFt Posted September 7, 2015 Share Posted September 7, 2015 Like include = /etc/samba/vfs_recycle/vfs.conf Which is copied from the plugin dir. So if pols need something custom the can mod the plugin very and it gets copied over (like removing the . ) Also the empty script must figure out the direction from the conference because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine. Thanks Myk Quote Link to comment
MyKroFt Posted September 7, 2015 Share Posted September 7, 2015 [quote name="MyKroFt" post="407288" timestamp="1441596193"] Like Include = /etc/samba/vfs_recycle/vfs.conf Which is copied from the plugin dir. So if pols need something custom the can mod the plugin very and it gets copied over (like removing the . ) Also the empty script must figure out the direction from the conference because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine. Thanks Myk Quote Link to comment
MyKroFt Posted September 7, 2015 Share Posted September 7, 2015 Like include = /etc/samba/vfs_recycle/vfs.conf Which is copied from the plugin dir. So if ppls need something custom thy can mod the plugin conf and it gets copied over (like removing the . ) Also the empty script must figure out the direction from the conference because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine. Thanks Myk Quote Link to comment
MyKroFt Posted September 7, 2015 Share Posted September 7, 2015 Like include = /etc/samba/vfs_recycle/vfs.conf Which is copied from the plugin dir. So if pols need something custom the can mod the plugin very and it gets copied over (like removing the . ) Also the empty script must figure out the directory from the conf file because the notification script must be hard coded with the . As it gets a missing dir error when I renamed mine but the empty script works just fine. Thanks Myk Quote Link to comment
trurl Posted September 7, 2015 Share Posted September 7, 2015 Wow! A quadruple post and I still don't get it. Quote Link to comment
MyKroFt Posted September 7, 2015 Share Posted September 7, 2015 Dunno what happened. Will wait to explain better when I get home Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 Better option would include the RB conf from its plugin direcrory like unassigned does. Anything extra in the smb-extra gets clobbered like I posted no matter what is in it The part that vfs recycle inserts into the smb-extra.conf is from a file that is on the flash drive at /boot/config/plugins/vfs_recycle/config/smb-extra.conf. If you feel that you need to make your own customizations, you can make them there and they are copied into the /boot/config/smb-extra.conf. You can't rename the .Recycle.Bin file name in this file and expect the plugin to work. The .Recycle.Bin name is hard coded into the plugin rc.vfs_plg script that handles the start, stop, etc operations and the webgui php. I did some research and found this at the samba website: A directory called .recycle will be automatically created when the first file is deleted and recycle:repository is not configured. It seems that the default file for the vfs recycle bin is a dot file. The reason for that is that the file would be hidden to casual browsing. In the case of unRAID, I don't know why we can browse to that hidden folder, but we technically shouldn't be able to. The folder should be hidden but still accessible by the path //tower/.Recycle.Bin. I think on unRAID the .Recycle.Bin folder should not show when browsing. I would prefer it to be hidden so it does not show up to the casual browser on the network. Right now I have some security concerns. If a file is deleted by a spefific user, can other users see the files in the .Recycle.bin folder and potentially recover them without having the original user permissions? I think yes and this concerns me. I am going to post to LT and get some answers on the recycle bin share and the default permissions. I want to end up with the recycle bin operation as it is but be sure access to the recycle bin is not public. Quote Link to comment
BRiT Posted September 7, 2015 Share Posted September 7, 2015 Try adding the following to the recyclebin share settings to make it hidden: browsable = no Quote Link to comment
BRiT Posted September 7, 2015 Share Posted September 7, 2015 Also here some sample setup for secure or private share settings: [disk4] path = /mnt/disk4 comment = browseable = no # Private writeable = no read list = write list = adminuser valid users = adminuser [cache] path = /mnt/cache comment = browseable = yes # Public public = yes writeable = yes [Anime] path = /mnt/user/Anime comment = Anime Movies and Shows browseable = yes # Secure public = yes writeable = no write list = adminuser,htpcuser Quote Link to comment
trurl Posted September 7, 2015 Share Posted September 7, 2015 The ability to "hide" dotted files is a new feature which you can supposedly turn on or off under SMB Settings, which is off by default (i.e., don't hide). I just turned it on but I can still see RecycleBin. Windows has always shown it to me without the dots, I assume because that is how that section is named in smb-extra. I tried logging out and back in to Windows but it still shows. Don't know if that's Windows fault or not. I also browsed to it using my wife's account on the PC, and that user has never seen it so I don't know if Windows is caching it across all users or what, but I can't get it to "hide" using the SMB Setting. I see while I was typing BRiT added some ideas about hiding it, which I will use with another custom mount point I have. Thanks Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 Try adding the following to the recyclebin share settings to make it hidden: browsable = no That did hide it. I like that. I'm still looking for access control. The recycle bin can be accessed by "//Tower/RecycleBin". I will implement the hidden attribute. Quote Link to comment
BRiT Posted September 7, 2015 Share Posted September 7, 2015 @dlandon to make it so no one can read or write to it, try setting it up as a private share but list no users that can read, write, or are valid. To specify a group use the "@" symbol as a prefix. # Private writeable = no read list = write list = valid users = Excerpt From here: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html User-Based Protection If you want to restrict access to your server to valid users only, then the following method may be of use. In the smb.conf [global] section put: valid users = @smbusers, jacko This restricts all server access either to the user jacko or to members of the system group smbusers. Here's more reading material on Samba users and shares: https://www.samba.org/samba/docs/using_samba/ch09.html Quote Link to comment
trurl Posted September 7, 2015 Share Posted September 7, 2015 The plugin appears to by wiping out some other smb-extra.conf settings I had. Does it create the file from scratch, or does it append onto what's already there? Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 The plugin appears to by wiping out some other smb-extra.conf settings I had. Does it create the file from scratch, or does it append onto what's already there? It's supposed to append what is there, but there is a bug causing it to wipe out the settings. I have a fix. I am working on security settings and then I'll release a new version. Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 I've just issued an update to the plugin that fixes several things and I've added more control over the Recycle Bin. The problem with botching up entries in the smb-extra.conf file should be fixed. I also added two new items to the webgui that give more control over the Recycle Bin. You can now select whether or not the Recycle Bin is browseable. You can modify the .Recycle.Bin parameters for more control over the Recycle Bin file structure. You will have to uninstall the previous version of the plugin for the new settings to work properly. The Recycle Bin will be emptied when you remove the plugin. Quote Link to comment
trurl Posted September 7, 2015 Share Posted September 7, 2015 Appears to be working for me. One oddity I noticed though. When I delete a file from my flash share, it creates the directory structure for it, but no file. Deleting from my normal user shares works as expected. Maybe something to do with the /boot path vs the /mnt path. Not worth worrying about if you don't see an obvious fix. Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 Appears to be working for me. One oddity I noticed though. When I delete a file from my flash share, it creates the directory structure for it, but no file. Deleting from my normal user shares works as expected. Maybe something to do with the /boot path vs the /mnt path. Not worth worrying about if you don't see an obvious fix. I see the same thing. I believe that is beyond my control because it is handled by vfs recycle. Quote Link to comment
BRiT Posted September 7, 2015 Share Posted September 7, 2015 @dlandon if you want to add even more features, there are options for min and max filesizes. https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2651247 recycle:minsize = BYTES Files that are smaller than the number of bytes specified by this parameter will not be put into the repository. recycle:maxsize = BYTES Files that are larger than the number of bytes specified by this parameter will not be put into the repository. Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 @dlandon if you want to add even more features, there are options for min and max filesizes. https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2651247 recycle:minsize = BYTES Files that are smaller than the number of bytes specified by this parameter will not be put into the repository. recycle:maxsize = BYTES Files that are larger than the number of bytes specified by this parameter will not be put into the repository. I'll ponder that. I've already added additional security options: Recycle Bin browseable or hidden. Read only/Read Write. Additional users allowed access besides 'admin'. I'm preparing another release for this evening. I think for the moment I will wrap it up and revisit it another time. Quote Link to comment
dlandon Posted September 7, 2015 Author Share Posted September 7, 2015 I've just released an update that adds more security control over the Recycle Bin. I've added a switch to set the Recycle Bin as read only or read/write Now you can add additional Users to allow them access.. The 'admin' User always has access. You will have to remove the plugin and re-install it for the new settings to work properly. There is a user that posted on the V6.1.1 release post that the vfs recycle plugin created a "Documento" user share and it hosed up his server. Has anyone else had this experience? Quote Link to comment
saarg Posted September 8, 2015 Share Posted September 8, 2015 Didn't the Documentos share come from the unassigned device plugin? Quote Link to comment
dlandon Posted September 8, 2015 Author Share Posted September 8, 2015 Yes, but he is convinced the vfs recycle plugin is what did it. I have unassigned devices on my test server and had the issue there with unassigned devices adding the Documentos share, but I don't see how the vfs recycle plugin could do anything to bring that in. The vfs recycle doesn't do anything with any shares. He says he has never had unassigned devices installed. Strange. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.