[Samba] MacOSX 10.9.4 with Samba 4.1.11 and permissions weirdness

Dan Mons dmons at cuttingedge.com.au
Sun Nov 16 14:51:03 MST 2014


Bumping this one last time in the hope that someone else has a fix or
workaround.

Permissions and umasks are still a problem with MacOSX clients.
create mask / force mask are ignored most of the time by MacOSX 10.8
through to 10.10 clients, and that causes much pain.

This wasn't a problem in Samba3, as the various permission mask
options were always enforced regardless of client stupidity.

-Dan

----------------
Dan Mons - R&D Sysadmin
Cutting Edge
http://cuttingedge.com.au


On 28 August 2014 09:23, Dan Mons <dmons at cuttingedge.com.au> wrote:
> Hi,
>
> Thanks for the reply.
>
> We've tried  "unix extensions = no", and it makes no changes to
> permissions of folders being written.
>
> What it does do, however, is break the Mac's ability to make real
> POSIX symlinks (instead we get those annoying Minshall+French symlinks
> that don't work on other Linux systems).  As such, we've had to keep
> "unix extensions = yes" as that's integral to how our Macs need to
> work with the rest of our Linux systems.
>
> -Dan
>
> ----------------
> Dan Mons
> Unbreaker of broken things
> Cutting Edge
> http://cuttingedge.com.au
>
>
> On 28 August 2014 08:46, Danilo Mussolini <danilo at mdotti.com> wrote:
>> Try "unix extensions = no". I guess this will help you.
>>
>>
>> Best,
>>
>>
>>
>>
>> On Wed, Aug 27, 2014 at 6:59 PM, Dan Mons <dmons at cuttingedge.com.au> wrote:
>>>
>>> Hi folks,
>>>
>>> I'm running CentOS 6.5 on our storage nodes, with Samba 4.1.11 RPMs from
>>> Sernet.
>>>
>>> We're having a strange issue with MacOSX clients (testing on 10.9.4)
>>> when writing directories.
>>>
>>> Relevant smb.conf share portions:
>>>
>>>         create mask = 0660
>>>         force create mode = 0660
>>>         directory mask = 0770
>>>         force directory mode = 0770
>>>         nt acl support = no
>>>
>>> With these in place, any Mac client that copies a directory across
>>> writes the permissions for a directory as (reported directly on the
>>> Linux storage):
>>>
>>> u=rw
>>> g=rwx
>>> o=
>>> i.e.: 0670
>>>
>>> The user loses the execute permission on directories, and can no
>>> longer traverse directories or list their contents.
>>>
>>> When I replace the smb.conf portion with the following:
>>>
>>>         create mask = 0770
>>>         force create mode = 0770
>>>         directory mask = 0770
>>>         force directory mode = 0770
>>>         nt acl support = no
>>>
>>> Directories correctly get 0770 permissions on the Linux file system,
>>> however so do regular files (I'm trying to avoid regular files getting
>>> marked as executable for this particular data store).
>>>
>>> We have multiple sites and multiple data stores (two whopping big
>>> Gluster stores, as well as some regular NAS units with standard local
>>> storage), and the problem exists the same way on all of them.
>>>
>>> We began testing on Samba 4.1.9 originally, and it showed the same
>>> behaviour.  I'm just wondering if anyone else has seen the same, or if
>>> it's just MacOSX madness (which I'm willing to accept as the answer,
>>> as MacOSX is anything but consistent with SMB).
>>>
>>> Previously on Samba 3.6.9 provided with CentOS 6, I would add the
>>> following share options to solve Mac-specific weirdness:
>>>
>>>         #security mask = 0660
>>>         #force security mode = 0660
>>>         #directory security mask = 0770
>>>         #force directory security mode = 0770
>>>
>>> These no longer work in Samba 4, and both the man pages and Samba wiki
>>> reflect this change.  When I apply my Google-fu to this problem, these
>>> options are what most people are suggesting, but again they're not
>>> available to me.
>>>
>>> Cheers for any insight offered.
>>>
>>> -Dan
>>>
>>> ----------------
>>> Dan Mons
>>> Unbreaker of broken things
>>> Cutting Edge
>>> http://cuttingedge.com.au
>>
>>
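
An added example, not part of the original thread and not Samba code: a server-side audit that finds, and optionally repairs, entries that drifted from the modes the quoted smb.conf intends (files 0660, directories 0770). The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile

# Policy the thread's smb.conf is trying to enforce on the Linux side.
FILE_MODE = 0o660  # create mask / force create mode
DIR_MODE = 0o770   # directory mask / force directory mode


def audit(root, repair=False):
    """Return [(path, kind, found, wanted)] for entries under root whose rwx
    bits differ from the policy. With repair=True, chmod each one to policy."""
    findings = []
    # Top-down walk: a repaired 0670 directory becomes traversable before
    # os.walk descends into it.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:  # parent lacks the search (x) bit for this user
                findings.append((path, "unreadable", None, None))
                continue
            if stat.S_ISDIR(st.st_mode):
                kind, wanted = "dir", DIR_MODE
            elif stat.S_ISREG(st.st_mode):
                kind, wanted = "file", FILE_MODE
            else:
                continue  # symlinks and special files are left alone
            found = st.st_mode & 0o777  # ignore setuid/setgid/sticky
            if found != wanted:
                findings.append((path, kind, found, wanted))
                if repair:  # keep any special bits, replace only rwx
                    os.chmod(path, stat.S_IMODE(st.st_mode) & ~0o777 | wanted)
    return findings


def build_sample(root):
    """Constructed sample tree reproducing the two outcomes in the thread."""
    os.mkdir(os.path.join(root, "shot01"))
    for rel, mode in (("notes.txt", 0o660), ("shot01/frame.exr", 0o770)):
        open(os.path.join(root, rel), "w").close()
        os.chmod(os.path.join(root, rel), mode)
    os.chmod(os.path.join(root, "shot01"), 0o670)  # directory missing u+x


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, kind, found, wanted in audit(tmp, repair=True):
            print(f"{kind} {path}: {found:04o} -> {wanted:04o}")
```

Run without repair as a non-root user, entries beneath a 0670 directory are reported as "unreadable" rather than raising, which is the same traversal failure the original post describes.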

