directory mask = 2770

Chris Ditri chrisd at better-investing.org
Tue Oct 16 07:21:09 GMT 2001


Charles:

The first digit, in this case '2' sets the directory guid.

Since I'm sure that means nothing to you (It didn't to me at first!), I 
will explain a little further.

When the guid is set the file in question, if executed, is executed as if 
you were a member of that file's group.  (Rember, every file has a user and 
group associated with it, do an "ls -l" anywhere in Unix, and you will see 
this).  The effect that this has upon directories is this:  every file 
created underneath that directory takes the group of the parent directory.

For an experiment, try this:
# touch hello
# ls -l hello
         (the output is something like:  -rwxr-xr-x hello)
# chmod 2770 hello
# ls -l hello
         (the output is something like:          -rwxrws--- hello)

Notice the 's'.  that means the guid (group user id) is set.


You can also set perms to 4XXX (e.g. 4770) to set the user ID (set uid or 
suid).
This executes a file as if you were that user.

Play with it, it is cool, but be careful when setting SUID for root!  It 
can cause security issues.


Chris





At 08:48 AM 10/16/2001 -0400, you wrote:
>May I ask a ridiculously stupid question?
>
>I have seen this four digit mask many times, but I am only familiar with the
>function of the last three digits - what in the heck is the first digit
>for??
>
>Thanks
>
>Charles
>
>-----Original Message-----
>From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
>Behalf Of Chris Ditri
>Sent: Tuesday, October 16, 2001 8:33 AM
>To: samba at lists.samba.org
>Subject: directory mask = 2770
>
>
>Hello everyone.
>
>I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a
>directory mask of 2770 to everything created in a share.  The root
>directory of this share already has these permissions.  I want to have it
>so that everything created in a certain directory has the permissions of
>the group of the creator.
>
>As it stands, I do have the directory mask = 2770 line in the smb.conf
>regarding this share, and as I said, the 2770 permissions on the parent
>directory (that I set manually).  Files created in this share wind up with
>the perms of 770 instead of 2770, but do take the group of the parent
>directory. BUT if someone creates a directory within that directory, the
>perms are 770 and the group is not inherited from the parent.
>
>Now I know what you are thinking:  "Why doesn't he just use the 'force
>group' setting." Suffice it to say, it doesn't suit my needs in this
>instance.  If you want the long version, I can post that too, I just didn't
>want to waste people's time.
>
>Can samba support a directory mask of 2770?  If so, what am I doing wrong?
>
>Thanks!
>
>
>Chris
>
>A snippet of smb.conf:
>
>[share]
>path=/share
>browseable =no
>force user = %U
>create mask = 0770
>directory mask = 2770
>admin users = chrisd,kurtk,administrator,zena
>valid users = chrisd,kurtk,administrator,zena,+homeshare
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba





More information about the samba mailing list