Cover V10, I07


Samba-Based Network Recycle Bin

Brandon Stone

The day-to-day administration of heterogeneous networks can be complex. Systems administrators are constantly presented with significant challenges controlling the backup, restoration, and management of user data. This complexity has been somewhat reduced with the modern implementation of scalable centralized storage. However, those servers create another problem; their size is pushing traditional tape drive technology to the limits. Protecting network file servers with tape media is starting to exceed the time window available for both backup and restore operations. It is now reasonable to use online disk storage as a complement to nightly backups, as the cost/GB of disk storage steadily approaches the cost of tape storage. This concept of online backups has been incorporated in the high-end storage market, and it is logical to include similar functionality in Samba.

By leveraging Samba's cross-platform connectivity, the patch described in this article rewrites the Samba delete function and effectively replaces it with a move. End users can quickly recover deleted files without requiring technical assistance or requesting a restore from tape backup. They can do this simply by copying the deleted files from the recycle bins. Ideally, this will minimize the administrative bottleneck in users' restores by allowing them to manage their own file recovery.

I used this patch to implement a UNIX-based recycling bin on my own network. Note that this business of deleting (or not deleting) files is an extremely critical operation. The patch works for me, but you should be sure it works for you before depending on it. Before implementing the UNIX recycling bin, be sure to test it thoroughly in your own environment.

Installation of the Patch

In this article, I refer to the most recent stable release of Samba, version 2.0.7. You can download the tarball from The system used for this installation was x86-based Linux running Red Hat 6.2. This patch should work with any system where that version of Samba has been successfully installed. Specifically, this patch adds an advanced share parameter for Samba called recycle bin. The current feature set of this patch include:

  • Recycled files are never overwritten; they will be appended with an auto-incrementing suffix.
  • If the recycle bin directory doesn't exist, it will be created.
  • If a file in the recycle bin is deleted, it will be removed.
  • If the recycle bin is deleted, it and its contents will be removed.
  • Cross-filesystem support. This allows for central management of users' recycle bin vs. user-controlled.
  • Quota support.
  • The following diff patches, photo.h, loadparm.c, and reply.c can be downloaded from Amherst College's public ftp site:
The patch installation instructions assume you saved the patch files in root's home directory. You may need to adjust the locations of the patch files and Samba source files. The patch command takes a patchfile containing a difference listing produced by the diff program and applies those differences to one or more original files, producing a patched version. More information can be found using the man pages. To install the patch, login as root and issue the following commands:

# patch /root/samba-2.0.7/source/include/proto.h /root/proto.h.recycle
# patch /root/samba-2.0.7/source/params/loadparm.c /root/loadparm.c.recycle
# patch /root/samba-2.0.7/source/smbd/reply.c /root/reply.c.recycle
After you have successfully patched the system files, find loadparm.o and reply.o, and remove those files manually or use make clean. (See Listing 1). Removing just the affected object files will speed up the recompile. You may also want to change the current configuration of your Makefile; options for this can be found by using configure -help. Samba comes with a rich set of options, most of which are out of the scope of this article. I recommend exploring these options, though, since many of them solve administrative problems. Next, rebuild the Samba source by issuing the make command. After make has finished, install the patched source using make install. Now restart Samba to confirm the patch installation works properly.

Samba Configuration

Samba can be configured by two methods. The first is by manually editing Samba's text configuration file, called smb.conf. This file is located in /usr/local/samba/lib by default, but may be in a different location depending on your installation. The second configuration method is Samba's Web-based GUI. Both methods support the recycle bin parameter. I have tried to make the syntax as simple as possible. The share parameter recycle bin relates to the directory name, and (without any additional path information) is relative to the root of the defined share. The recycle bin parameter also accepts absolute paths and Samba variables:

  • This example of smb.conf, will create a directory called .recycled in the home directory of each user. Any time a user deletes a file, it will be moved to .recycled:

comment = Home Directories
writeable = Yes
browseable = No
recycle bin = .recycled
note:  by using the . in the name you can make your recycle bin hidden.
  • This example sets the user recycle bin to /tmp. This allows for central management of all the user recycle bins on a separate filesystem:

comment = Home Directories
writeable = Yes
browseable = No
recycle bin = /tmp/%U
comment = Your Online Backup
path = /tmp/%U
Quota Configuration
The Samba documentation in quota.c says "This is one of the most system dependent parts of Samba, and it's done a little differently." I have done a lot of work on system quota support. In our institution, it is critical that the user's quota controls the functionality of the recycle bin. I have configured our Samba installation with quota support enabled, but I have found that that feature has little to do with quota control. This option displays the capacity of a mapped Windows/Samba drive based upon the connecting user's quota. This feature enables users to see their quota usage. In terms of quota, I have removed any system dependencies associated with the patch. So, it should work with a system using quotas or not, and with or without the "with-quotas" support compiled into Samba.

UNIX Systems Integration

With some careful consideration, your UNIX server can be integrated with Samba to provide a more informative environment for your users. For example, when a user logs into a UNIX server that has quotas enabled, the system does a quota check for that user. If the user were over his quota, it would be useful to suggest that the recycle bin be deleted. Again, this allows users to manage their own data and minimizes the direct involvement of the systems administrator.

Our users access their data from multiple platforms. So, to completely protect the entire user data space, I rewrote the UNIX rm command to mimic the functionality of the Samba recycle bin. Listing 2 is a simple shell script to replace the rm command.

Another issue to consider is management of individual user recycle bins. Without proper maintenance, the recycle bins can grow quickly. Ideally, users will manage their own, but you might like to encourage timely removal of old files. The recycle bins can be scrubbed for files older than some date using the following:

find /home/*/.recycled -type f -atime +15 -exec rm {} \; \
  *.recycled refers to the recycle bin name
With a cron job and the find command, management of recycle bins can be automated. This will minimize the risk that users will unexpectedly trip their quota limit. The drawback to automatically managing user data is the possibility that you remove a file that they might need. As the systems administrator, you will have to judge the tradeoff on automatically managing user data.


With the advent of large-scale centralized storage, the feasibility of timely restores of user data is uncertain. The high-end storage market has realized this problem, and provides a mechanism to empower the users to manage their own file recovery. This patch tries to address these problems, but it still has little affect if the user overwrites a file. In this circumstance, a restore from tape will still be necessary. Future versions of this patch may provide this protection by taking a snapshot of the entire user directory. This functionality may actually replace the need for nightly backup. Finally, I also thank Peter Samuelson for his preliminary work. Without it, I doubt I would have been able to complete this patch.

Brandon Stone received his bachelor's degrees in Computer Science and Anthropology from Kent State University. After completing his degrees, Brandon started his systems administration career at Kent State, then HP, Keybank, and Alltel, enjoying the late '90s tech boom. Brandon currently works for Amherst College as the campus systems administrator. He spends his free time hiking around the mountains of western Massachusetts. He can be reached at: