files in cifs mounted share are always created universal rw

steve steve at steve-ss.com
Fri Feb 8 02:55:54 MST 2013 

Hi everyone

I'm really sorry to have to bump this but I'm still stuck with it. Maybe 
my question wasn't clear. Can I summarise it?

When I create any file in a cifs mounted share it is always created with 
universal read and write privileges. The cifs server is samba 4.1.0 git 
(but the same with 4.0.2).

Can anyone help me?
Thanks,
Steve

On 03/02/13 08:54, steve wrote:
> Hi everyone.
>
> Whenever a file is created in a cifs mounted share from samba 4.0.3 
> git on a Linux client, it is always created with universal rw no 
> matter what permissions and acl are set on the underlying ext4 file 
> system.
>
> I posted the details on the samba list but got no hits. Can anyone 
> here help?
>
> Here is a copy of the post:
>
> I have these shares in smb.conf:
> [home2]
>         path = /home2
>         read only = No
> [home]
>         path = /home2/home
>         read only = No
>
> I mount [home] on a Linux client like this:
> mount -t cifs //hh1/home2 /home2 -osec=krb5,rw,multiuser
>
> Here is the output of the mount command:
>
> //hh1/home2 on /home2 type cifs 
> (rw,relatime,vers=1.0,sec=krb5,cache=loose,unc=\\hh1\home2,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.2,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)
>
> Here are the acl's on the relevant directories:
>
> getfacl /home2
> getfacl: Removing leading '/' from absolute path names
> # file: home2
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> getfacl /home2/home
> getfacl: Removing leading '/' from absolute path names
> # file: home2/home
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> getfacl /home2/home/steve2
> getfacl: Removing leading '/' from absolute path names
> # file: home2/home/steve2
> # owner: steve2
> # group: Domain\040Users
> user::rwx
> group::r-x
> other::r-x
>
> Now, if steve2 logs in and creates a file on the cifs mounted share on 
> the client:
> steve2 at hh10:~> touch s2.txt
>
> it is created with universal read write access:
> steve2 at hh10:~> ls -l s2.txt
> -rwxrwxrwx+ 1 steve2 Domain Users 0 Feb  1 12:08 s2.txt
>
> getfacl s2.txt
> # file: s2.txt
> # owner: steve2
> # group: Domain\040Users
> user::rwx
> user:steve2:rwx
> group::rwx
> group:Domain\040Users:rwx
> mask::rwx
> other::rwx
>
> If I log into the fileserver as steve2 (I.e. when it's not mounted), 
> it works fine and files are created as expected:
> -rw-r--r--   1 steve2 Domain Users    0 Feb  1 11:52 s3.txt
>
> Question:
>
> Why does the cifs mounted share always create files with universal rw?
> What can I do to correct this?
>
> Cheers,
> Steve
>

More information about the samba-technical mailing list