My NAS needs to store or transfer data with many people, and I need this feature to prevent certain individuals from deleting files that should not be deleted.
Snapshots would give you the ability to recover files and/or you could use permissions to make directories and/or datasets read-only to certain users.
I understand snapshots and ACLs, but these are not suitable solutions for me. I need others to have edit permissions while also preventing certain individuals from deleting files. Snapshots can only be performed periodically, and recovery isn’t convenient. So I would like to know if there’s a way to set the recycle bin so that only administrators can access it?
Previous versions?
1 Like
You can export the recycling bin on the share config but I don’t believe you can limit this to administrators only.
Recycle bin won’t prevent individuals from deleting files but would potentially give them a means of recovering these files. Previous versions would also give you this functionality which snapshots can be exposed via.
The only way to prevent certain individuals from deleting files is to limit their access.
Short answer: no.
Samba’s recycle module renames the file that is deleted to a a different path in the filesystem with the creds of the authenticated user. This means the user deleting the file has the absolute requirement of being able to write to dir it is being recycled to.
Also since it is a rename operation, permissions and ownership of the file itself are not changed by being recycled. This means that the original file owner will always be able to change its permissions and delete again if they desire.
Longer answer:
It would require a feature request and being put on a roadmap for the product. Since it introduces maintenance overhead and UX complexity it would have to be carefully considered (e.g. unlikely to be added) since there are generally better methods for doing file version management on TrueNAS.
Not sure if you’ve seen my video on Snapshots and “Previous Versions”, but it really does sound like this could be used for your problem.
