Fix for Samba server masking world writeable perm off
Jeremy Allison
jra at samba.org
Tue Feb 26 16:02:10 UTC 2019
On Tue, Feb 26, 2019 at 12:20:20AM -0600, Steve French wrote:
> Very strange - I noticed that using jra's experimental POSIX code, the
> Samba server would always mask off the world writeable flag ie 0777
> would become 0775 permissions. No matter what the masks were in
> smb.conf.
>
> Turned out to be simple but strange:
>
> Removing the
> "obey pam restrictions"
> line from smb.conf (which seems to be set by default in some distros)
> fixed the problem. Now a SMB3.1.1 POSIX mkdir ends up with 0777 mode
> after a mkdir -m 0777 ...
>
> I am quite surprised that this parm does anything related to the mode
> bits, and would not have thought of it, but noticed it when googling
> for these particular permissions .... (it hit on this post from a year
> ago where a user hit the same problem with permissions being masked
> this way and Samba server:
> https://askubuntu.com/questions/210808/set-umask-set-permissions-and-set-acl-but-samba-isnt-using-those)
> .
>
> Any idea why "obey pam restrictions" would cause Samba to mask mode bits?
That is utterly insane.
~/src/samba/git/smb2-posix$ git grep lp_obey_pam
source3/auth/pampass.c: if (!lp_obey_pam_restrictions())
source3/auth/pampass.c: if (!lp_obey_pam_restrictions())
source3/auth/pampass.c: if (!lp_obey_pam_restrictions())
Is it possible some of the pam calls are setting a
umask internally ?
More information about the samba-technical
mailing list