[Samba] OSX 10.9, sticky-bit and deleting other people's stuff

Wed Jan 8 10:54:27 MST 2014

Hello!

First question I have ever asked here.. and I attribute that to the many people that have documented the crap out of how to do things with Samba.. thanks to all!! 

I have a client using Samba 3.6.3 on Ubuntu 12.04.2. There are about 30 shares, 50 users. Not sure how much of this is needed, but it seems pointless to post unless I at least post this:

# Auth
 security = user
 encrypt passwords = true
 passdb backend = tdbsam
 obey pam restrictions = yes
;guest account = nobody
 invalid users = root
 map to guest = bad user
 domain logons = no
 os level = 20

I have read a few tips on getting the sticky bit working. The groups work great, we have everyone using shares like this:

[staff]
   comment = staff
   writable = no
   write list = user1,user2
   browseable = no 
   path = /data/samba/staff
   create mask = 660
   valid users = @users
   force directory mode = 2770
   force create mode = 660
;

root at fileserver:~# stat /data/samba/staff/ | grep users
Access: (2770/drwxrws---)  Uid: (     0/     root)   Gid: (  100/   users)

This gives the two users RW, others are RO. 

The problem:

I can't get it so the Apple's are NOT able to delete each other stuff. I can change the Share definition and it works for PC's and Linux (Well, my Ubuntu workstation (12.04) has no problem). The share definition I change to is this:

[shared]
   comment = shared
   writeable = yes
   browseable = yes 
   path = /srv/shared
   valid users = @shared
   force directory mode = 3770
   force create mode = 660
;

root at fs:~# stat /srv/shared/ | grep shared
  File: `/srv/shared/'
Access: (3770/drwxrws--T)  Uid: (    0/    root)   Gid: ( 1003/  shared)

... if someone can tell me (I do realize there is a little difference between my test environment and production (the paths are different.. the group isn't users.. but I have used many, many combinations and I am pretty sure that isn't it) this isn't possible because OSX 10.9 screwed something up, I would appreciate it. I think my customer has tried 10.8 to no avail.. so I am not sure it is that. 

I thought they were crazy, because I kept testing it in my lab and it works just fine with 3770.. but they have tried it multiple times and it seems like it (Apple) just ignores what is going on. 

I also have this in my smb.conf (these were added in the last couple of years.. nothing recent.. when Apple broke other things):

# Stupid Mac bugs
max protocol = SMB2
unix extensions = no
kernel oplocks = no

...anyone point me to what I am doing wrong?  Thanks again!