Failure Analysis of Samba (4/23) with NT

Marc Jacobsen Marc_Jacobsen at
Thu May 3 15:25:39 GMT 2001


appologies if things have changed for 2.2.0, but with 2.0.8 you had

create mask (a.k.a. create mode)
force create mode
directory mask (a.k.a directory mode)
force directory mode

which all dealt with files/directories being created, and as I understood it had
nothing whatsoever to do with changing file permissions through the NT ACL

For that you had

security mask
force security mode
directory security mask
force directory security mode

which only dealt with changing file permissions through the NT ACL interface.

If all these parameters are being enforced properly the create stuff shouldn't
affect setting ACLs, right?  If you want to "acl ignore mask" you just set the
second 4 parameters to 0 or 777 or whatever.  Adding another parameter seems
totally redundant.

Am I missing something?

Marc Jacobsen

Jeremy Allison wrote:
> On Thu, May 03, 2001 at 09:28:35AM +0200, Volker Lendecke wrote:
> > On Wed, May 02, 2001 at 05:08:27PM -0400, Jeremy Allison wrote:
> >
> > > Do you have any ideas on the best default to set for 2.2.1 ?
> > > I'm CC:ing this to samba-technical to get more feedback.
> >
> > Maybe it would be best to ignore 'create mask' completely after the file has
> > been created. After that the user explicitly says what he wants. And it's
> > completely unix semantics to give the user the ability to change his acls. I
> > always understood 'create mask' as a hack around not having the concept of
> > umask in SMB.
> Yes, that's what Andrew also suggested. I'm tempted to
> add a per-share parameter "acl ignore mask" that defaults
> to "true" to allow admins who *really* want their masks
> obeyed (even on ACL filesystems) to enforce them.
> It's a 6 line fix in smbd/posix_acls.c to do this (and I
> promise to write the docs :-).
> Jeremy.
> --
> --------------------------------------------------------
> Buying an operating system without source is like buying
> a self-assembly Space Shuttle with no instructions.
> --------------------------------------------------------

More information about the samba-technical mailing list