File permissions
Steve
Saitman at laschools.org
Tue Oct 2 08:10:02 GMT 2001
I am running samba 2.2.1a on a Redhat 7.1 with the 2.4.7 kernel.(rosat2)
The root directory is /export. It resides on a nas box. The nas controler
is running redhat 7.1 with the 2.4.7 kernel. /export is nfs mounted on
rosat2.
The problem that I am running into is that file permissions are not
set according to the smb.conf file. When a new directory is created in the
group share the directory will be created with the permissions of 750
instead of 770, and likewise with the file permissions. On a newly created
files in the group share the permissions will be 640 instead of 660. In the
homes share the directory will be 755 as it should be but the file is 644
instead of 755.
This is a copy of the smb.conf file that is currently running.
# $Id: smb.conf,v 1.11 2000/09/22 09:12:31 root Exp $
#
# Initial Samba smb.conf file for Windows 98 domain controller
# Written by Gerald Carter <jerry at samba.org>
# Modified by Jean-Michel Dault <jmdault at mandrakesoft.com>
[global]
debug timestamp = no
log level = 1
; server name settings
netbios name = ROSAT2
workgroup = LAUSD-SAMBA
; security settings
security = user
invalid users = root bin daemon adm sync shutdown halt news mail
uucp games \
gopher ftp xfs gdm piranha squid
hosts allow = 192.168.
; password settings
encrypt passwords = no
update encrypted = yes
smb passwd file = /usr/samba/private/smbpasswd
password level = 8
; printing parameters
;printer driver file=/export/samba/printers/printers.def
;load printers = yes
; domain and browsing settings
domain logons = yes
logon script = logon.bat
preferred master = yes
domain master = yes
local master = yes
os level = 255
wins support = yes
; case settings
case sensitive = no
default case = lower
short preserve case = yes
preserve case = yes
map archive = no
; default service parameters
read only = yes
guest ok = no
browseable = yes
admin users = @sysadmin
default service = othergroup
domain admin group = root @root
;
; NETLOGON service required for domain logon support
;
[netlogon]
comment = NETLOGON service
path = /export/samba/netlogon
create mask = 0664
force create mode = 0664
directory mode = 775
force directory mode = 775
write list = @sysadmin
guest ok = yes
browseable = no
[users]
comment = Administrative user preferences
root preexec = /usr/samba/bin/create_userdir %U %G
path =/export/samba/users/%U
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
browseable = no
[export]
comment = Export Directory
path = /export
public = no
writable = yes
printable = no
valid users = @sysadmin
browseable = yes
[test]
comment = Run testparm
path = /tmp/testparm
preexec = mkdir -p /tmp/testparm;/usr/bin/testparm
> /tmp/testparm/testparm.txt;todos /tmp/testparm/testparm.txt
postexec = /bin/rm -f /tmp/testparm/testparm.txt
public = yes
writable = no
printable = no
browseable = no
[homes]
comment = Home directory for [%U]
path = /export/home/%U
browseable = no
read only = no
create mask = 0755
directory mask = 0755
only user = yes
users = %S
[group]
comment = %g group share on %L [%U]
path = /export/samba/group/%g
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770
read only = no
browseable = yes
force group = %g
users = @%g
admin users = @admgroup
[nettools]
comment = Global share for sysadmin users
path = /export/nettools
create mask = 0660
force create mode = 0660
write list = ssaitman jholzing
directory mask = 0755
force directory mode = 0755
read only = no
admin users = @sysadmin
[othergroup]
comment = Additional group share on %L (%U/%g)
path = /export/samba/group/%S
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770
read only = no
browseable = yes
force group = %S
users = @%S
[public]
comment = Global share for authenticated users
path = /export/public
create mask = 0644
force create mode = 0644
directory mask = 1777
force directory mode = 1777
read only = no
admin users = @sysadmin
[printers]
comment = %S printer on %h
path = /var/spool/samba
printable = yes
browseable = no
print command = /usr/bin/lpr -P%p -r %s
lprm command = /usr/bin/lpr -P%p %j
[interchk]
comment = Sophos InterCheck client
path = /export/samba/intercheck
public = yes
writable = yes
printable = no
[global]
debug timestamp = no
log level = 1
; server name settings
netbios name = ROSAT2
workgroup = LAUSD-SAMBA
; security settings
security = user
invalid users = root bin daemon adm sync shutdown halt news mail
uucp games \
gopher ftp xfs gdm piranha squid
hosts allow = 192.168.
; password settings
encrypt passwords = no
update encrypted = yes
smb passwd file = /usr/samba/private/smbpasswd
password level = 8
; printing parameters
;printer driver file=/export/samba/printers/printers.def
;load printers = yes
; domain and browsing settings
domain logons = yes
logon script = logon.bat
preferred master = yes
domain master = yes
local master = yes
os level = 255
wins support = yes
; case settings
case sensitive = no
default case = lower
short preserve case = yes
preserve case = yes
map archive = no
; default service parameters
read only = yes
guest ok = no
browseable = yes
admin users = @sysadmin
default service = othergroup
domain admin group = root @root
;
; NETLOGON service required for domain logon support
;
[netlogon]
comment = NETLOGON service
path = /export/samba/netlogon
create mask = 0664
force create mode = 0664
directory mode = 775
force directory mode = 775
write list = @sysadmin
guest ok = yes
browseable = no
[users]
comment = Administrative user preferences
root preexec = /usr/samba/bin/create_userdir %U %G
path =/export/samba/users/%U
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
browseable = no
[export]
comment = Export Directory
path = /export
public = no
writable = yes
printable = no
valid users = @sysadmin
browseable = yes
[test]
comment = Run testparm
path = /tmp/testparm
preexec = mkdir -p /tmp/testparm;/usr/bin/testparm
> /tmp/testparm/testparm.txt;todos /tmp/testparm/testparm.txt
postexec = /bin/rm -f /tmp/testparm/testparm.txt
public = yes
writable = no
printable = no
browseable = no
[homes]
comment = Home directory for [%U]
path = /export/home/%U
browseable = no
read only = no
create mask = 0755
directory mask = 0755
only user = yes
users = %S
[group]
comment = %g group share on %L [%U]
path = /export/samba/group/%g
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770
read only = no
browseable = yes
force group = %g
users = @%g
admin users = @admgroup
[nettools]
comment = Global share for sysadmin users
path = /export/nettools
create mask = 0660
force create mode = 0660
write list = ssaitman jholzing
directory mask = 0755
force directory mode = 0755
read only = no
admin users = @sysadmin
[othergroup]
comment = Additional group share on %L (%U/%g)
path = /export/samba/group/%S
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770
read only = no
browseable = yes
force group = %S
users = @%S
[public]
comment = Global share for authenticated users
path = /export/public
create mask = 0644
force create mode = 0644
directory mask = 1777
force directory mode = 1777
read only = no
admin users = @sysadmin
[printers]
comment = %S printer on %h
path = /var/spool/samba
printable = yes
browseable = no
print command = /usr/bin/lpr -P%p -r %s
lprm command = /usr/bin/lpr -P%p %j
[interchk]
comment = Sophos InterCheck client
path = /export/samba/intercheck
public = yes
writable = yes
printable = no
Thanks in advance.
**************************************************
Steve Saitman
Network Technician
Facilities Services Division
Los Angeles Unified School District
Office 213
Fax 213-633-8462
More information about the samba-ntdom
mailing list