[Samba] OSX 10.9, sticky-bit and deleting other people's stuff
nairb rotsak
ipguru99 at yahoo.com
Wed Jan 8 10:54:27 MST 2014
Hello!
First question I have ever asked here.. and I attribute that to the many people that have documented the crap out of how to do things with Samba.. thanks to all!!
I have a client using Samba 3.6.3 on Ubuntu 12.04.2. There are about 30 shares, 50 users. Not sure how much of this is needed, but it seems pointless to post unless I at least post this:
# Auth
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
;guest account = nobody
invalid users = root
map to guest = bad user
domain logons = no
os level = 20
I have read a few tips on getting the sticky bit working. The groups work great, we have everyone using shares like this:
[staff]
comment = staff
writable = no
write list = user1,user2
browseable = no
path = /data/samba/staff
create mask = 660
valid users = @users
force directory mode = 2770
force create mode = 660
;
root at fileserver:~# stat /data/samba/staff/ | grep users
Access: (2770/drwxrws---) Uid: ( 0/ root) Gid: ( 100/ users)
This gives the two users RW, others are RO.
The problem:
I can't get it so the Apple's are NOT able to delete each other stuff. I can change the Share definition and it works for PC's and Linux (Well, my Ubuntu workstation (12.04) has no problem). The share definition I change to is this:
[shared]
comment = shared
writeable = yes
browseable = yes
path = /srv/shared
valid users = @shared
force directory mode = 3770
force create mode = 660
;
root at fs:~# stat /srv/shared/ | grep shared
File: `/srv/shared/'
Access: (3770/drwxrws--T) Uid: ( 0/ root) Gid: ( 1003/ shared)
... if someone can tell me (I do realize there is a little difference between my test environment and production (the paths are different.. the group isn't users.. but I have used many, many combinations and I am pretty sure that isn't it) this isn't possible because OSX 10.9 screwed something up, I would appreciate it. I think my customer has tried 10.8 to no avail.. so I am not sure it is that.
I thought they were crazy, because I kept testing it in my lab and it works just fine with 3770.. but they have tried it multiple times and it seems like it (Apple) just ignores what is going on.
I also have this in my smb.conf (these were added in the last couple of years.. nothing recent.. when Apple broke other things):
# Stupid Mac bugs
max protocol = SMB2
unix extensions = no
kernel oplocks = no
...anyone point me to what I am doing wrong? Thanks again!
More information about the samba
mailing list