directory mask = 2770
Christian Barth
barth at cck.uni-kl.de
Tue Oct 16 10:39:07 GMT 2001
In the "old days" bevor the "inherit permissions" parameter was
introduced, the s-bit for the group of a directory was used in the
standard unix way: new files (copied, not moved!) had the dessired
group, new directories had the group and the s-bit. All was well.
With this fine new parameter in 2.0.7 and its default with no, this
behaviour was gone: new directories didn't get the s-bit :-(
If you change it to "yes" you get the s-bit and every thing eles as
discribed in the man page. Whitch is a fine thing. I have directory
mask = 0770, havn't played with any other and havn't tried any newer
version.
Christian
> Charles:
>
> The first digit, in this case '2' sets the directory guid.
>
> Since I'm sure that means nothing to you (It didn't to me at first!), I
> will explain a little further.
>
> When the guid is set the file in question, if executed, is executed as if
> you were a member of that file's group. (Rember, every file has a user and
> group associated with it, do an "ls -l" anywhere in Unix, and you will see
> this). The effect that this has upon directories is this: every file
> created underneath that directory takes the group of the parent directory.
>
> For an experiment, try this:
> # touch hello
> # ls -l hello
> (the output is something like: -rwxr-xr-x hello)
> # chmod 2770 hello
> # ls -l hello
> (the output is something like: -rwxrws--- hello)
>
> Notice the 's'. that means the guid (group user id) is set.
>
>
> You can also set perms to 4XXX (e.g. 4770) to set the user ID (set uid or
> suid).
> This executes a file as if you were that user.
>
> Play with it, it is cool, but be careful when setting SUID for root! It
> can cause security issues.
>
>
> Chris
>
>
>
>
>
> At 08:48 AM 10/16/2001 -0400, you wrote:
> >May I ask a ridiculously stupid question?
> >
> >I have seen this four digit mask many times, but I am only familiar with the
> >function of the last three digits - what in the heck is the first digit
> >for??
> >
> >Thanks
> >
> >Charles
> >
> >-----Original Message-----
> >From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> >Behalf Of Chris Ditri
> >Sent: Tuesday, October 16, 2001 8:33 AM
> >To: samba at lists.samba.org
> >Subject: directory mask = 2770
> >
> >
> >Hello everyone.
> >
> >I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a
> >directory mask of 2770 to everything created in a share. The root
> >directory of this share already has these permissions. I want to have it
> >so that everything created in a certain directory has the permissions of
> >the group of the creator.
> >
> >As it stands, I do have the directory mask = 2770 line in the smb.conf
> >regarding this share, and as I said, the 2770 permissions on the parent
> >directory (that I set manually). Files created in this share wind up with
> >the perms of 770 instead of 2770, but do take the group of the parent
> >directory. BUT if someone creates a directory within that directory, the
> >perms are 770 and the group is not inherited from the parent.
> >
> >Now I know what you are thinking: "Why doesn't he just use the 'force
> >group' setting." Suffice it to say, it doesn't suit my needs in this
> >instance. If you want the long version, I can post that too, I just didn't
> >want to waste people's time.
> >
> >Can samba support a directory mask of 2770? If so, what am I doing wrong?
> >
> >Thanks!
> >
> >
> >Chris
> >
> >A snippet of smb.conf:
> >
> >[share]
> >path=/share
> >browseable =no
> >force user = %U
> >create mask = 0770
> >directory mask = 2770
> >admin users = chrisd,kurtk,administrator,zena
> >valid users = chrisd,kurtk,administrator,zena,+homeshare
> >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: http://lists.samba.org/mailman/listinfo/samba
> >
> >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
_(_)_ wWWWw _
@@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_
@@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_)
@@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\
/ Y \| \|/ /(_) \| |/ |
\ | \ |/ | / \ | / \|/ |/ \| \|/
jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|//
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
More information about the samba
mailing list