Is it possible to give Domain Admins R/W access to user's .recycle folders?

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
You would have to define an appropriate ACL on the .recycle directory and disable the work I did to make the recycle bin work in the presence of extended ACL entries by adding the following undocumented recycle parameter:

recycle: preserveacl = True
If you break something you get to keep the pieces. ;)
 

anodos

So how do others clean out the .recycle folder?
From the command line most likely, or by carefully configuring the recycle bin and using an SMB client as a domain admin.

There are significant limitations in this feature.

If you go with permissions above 0700 for the subdirectories in the recycle bin, you risk unintentional data exposure in the re-created directory tree. In almost all circumstances, it's better to configure a snapshot task for the dataset and use "previous versions" from a Windows client to restore the data. In fact, I'd go as far as saying that the recycle bin should only be set up after configuring a snapshot task.

This is because there are limited options for ensuring that files are properly recycled when they traverse filesystem boundaries (i.e. datasets). The default recycle behavior if it fails to move the file to the recycle bin is to "purge" the file. I've considered creating separate per ZFS dataset .recycle directories to preserve the atomicity of recycling on nested datasets within shares, but this will require some significant changes to the recycle VFS module (I will have to use libzfs to detect the underlying dataset, and do this in a way that doesn't negatively impact performance).
 
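An added example, not part of the original thread and not TrueNAS or Samba code: a read-only Python audit of the two risks the post above describes, recycle-bin subdirectories with permissions above 0700 and directories inside the share that sit on a different filesystem than the recycle bin. The `.recycle` name comes from the thread; the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_recycle(share_root, repo_name=".recycle"):
    """Return (exposed, foreign) directory lists for one share.

    exposed: subdirectories of the recycle bin whose POSIX mode grants any
             group/other bit, i.e. anything above 0700. Extended ACL entries
             are not inspected here.
    foreign: directories on a different device than the recycle bin (for
             example a nested dataset); deletes there cross a filesystem
             boundary on the way to the bin.
    """
    repo = os.path.join(share_root, repo_name)
    repo_dev = os.lstat(repo).st_dev
    exposed, foreign = [], []
    for dirpath, dirnames, _files in os.walk(share_root):
        for name in list(dirnames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISDIR(st.st_mode):
                continue  # symlink to a directory; os.walk will not follow it
            if st.st_dev != repo_dev:
                foreign.append(path)
                dirnames.remove(name)  # report the boundary once, do not descend
            elif path.startswith(repo + os.sep) and stat.S_IMODE(st.st_mode) & 0o077:
                exposed.append(path)
    return sorted(exposed), sorted(foreign)


def build_sample(root):
    """Constructed sample tree: one private and one over-permissive subdir."""
    for rel, mode in (("alice/projects", 0o700), ("bob/payroll", 0o755)):
        path = os.path.join(root, ".recycle", rel)
        os.makedirs(path)
        os.chmod(path, mode)  # explicit chmod so the umask cannot interfere
        os.chmod(os.path.dirname(path), 0o700)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        exposed, foreign = audit_recycle(build_sample(tmp))
        for path in exposed:
            print("mode above 0700:", os.path.relpath(path, tmp))
        for path in foreign:
            print("separate filesystem:", os.path.relpath(path, tmp))
```

Any path reported as a separate filesystem is a place where a snapshot task, rather than the recycle bin, is what protects deleted files.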