directory mask = 2770
Chris Ditri
chrisd at better-investing.org
Tue Oct 16 07:21:09 GMT 2001
Charles:
The first digit, in this case '2' sets the directory guid.
Since I'm sure that means nothing to you (It didn't to me at first!), I
will explain a little further.
When the guid is set the file in question, if executed, is executed as if
you were a member of that file's group. (Rember, every file has a user and
group associated with it, do an "ls -l" anywhere in Unix, and you will see
this). The effect that this has upon directories is this: every file
created underneath that directory takes the group of the parent directory.
For an experiment, try this:
# touch hello
# ls -l hello
(the output is something like: -rwxr-xr-x hello)
# chmod 2770 hello
# ls -l hello
(the output is something like: -rwxrws--- hello)
Notice the 's'. that means the guid (group user id) is set.
You can also set perms to 4XXX (e.g. 4770) to set the user ID (set uid or
suid).
This executes a file as if you were that user.
Play with it, it is cool, but be careful when setting SUID for root! It
can cause security issues.
Chris
At 08:48 AM 10/16/2001 -0400, you wrote:
>May I ask a ridiculously stupid question?
>
>I have seen this four digit mask many times, but I am only familiar with the
>function of the last three digits - what in the heck is the first digit
>for??
>
>Thanks
>
>Charles
>
>-----Original Message-----
>From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
>Behalf Of Chris Ditri
>Sent: Tuesday, October 16, 2001 8:33 AM
>To: samba at lists.samba.org
>Subject: directory mask = 2770
>
>
>Hello everyone.
>
>I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a
>directory mask of 2770 to everything created in a share. The root
>directory of this share already has these permissions. I want to have it
>so that everything created in a certain directory has the permissions of
>the group of the creator.
>
>As it stands, I do have the directory mask = 2770 line in the smb.conf
>regarding this share, and as I said, the 2770 permissions on the parent
>directory (that I set manually). Files created in this share wind up with
>the perms of 770 instead of 2770, but do take the group of the parent
>directory. BUT if someone creates a directory within that directory, the
>perms are 770 and the group is not inherited from the parent.
>
>Now I know what you are thinking: "Why doesn't he just use the 'force
>group' setting." Suffice it to say, it doesn't suit my needs in this
>instance. If you want the long version, I can post that too, I just didn't
>want to waste people's time.
>
>Can samba support a directory mask of 2770? If so, what am I doing wrong?
>
>Thanks!
>
>
>Chris
>
>A snippet of smb.conf:
>
>[share]
>path=/share
>browseable =no
>force user = %U
>create mask = 0770
>directory mask = 2770
>admin users = chrisd,kurtk,administrator,zena
>valid users = chrisd,kurtk,administrator,zena,+homeshare
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list