directory mask = 2770

Christian Barth barth at cck.uni-kl.de
Tue Oct 16 10:39:07 GMT 2001


In the "old days" bevor the "inherit permissions" parameter was 
introduced, the s-bit for the group of a directory was used in the 
standard unix way: new files (copied, not moved!) had the dessired 
group, new directories had the group and the s-bit. All was well. 
With this fine new parameter in 2.0.7 and its default with no, this 
behaviour was gone: new directories didn't get the s-bit :-(

If you change it to "yes" you get the s-bit and every thing eles as 
discribed in the man page. Whitch is a fine thing. I have directory 
mask = 0770, havn't played with any other and havn't tried any newer 
version.

Christian


> Charles:
> 
> The first digit, in this case '2' sets the directory guid.
> 
> Since I'm sure that means nothing to you (It didn't to me at first!), I 
> will explain a little further.
> 
> When the guid is set the file in question, if executed, is executed as if 
> you were a member of that file's group.  (Rember, every file has a user and 
> group associated with it, do an "ls -l" anywhere in Unix, and you will see 
> this).  The effect that this has upon directories is this:  every file 
> created underneath that directory takes the group of the parent directory.
> 
> For an experiment, try this:
> # touch hello
> # ls -l hello
>          (the output is something like:  -rwxr-xr-x hello)
> # chmod 2770 hello
> # ls -l hello
>          (the output is something like:          -rwxrws--- hello)
> 
> Notice the 's'.  that means the guid (group user id) is set.
> 
> 
> You can also set perms to 4XXX (e.g. 4770) to set the user ID (set uid or 
> suid).
> This executes a file as if you were that user.
> 
> Play with it, it is cool, but be careful when setting SUID for root!  It 
> can cause security issues.
> 
> 
> Chris
> 
> 
> 
> 
> 
> At 08:48 AM 10/16/2001 -0400, you wrote:
> >May I ask a ridiculously stupid question?
> >
> >I have seen this four digit mask many times, but I am only familiar with the
> >function of the last three digits - what in the heck is the first digit
> >for??
> >
> >Thanks
> >
> >Charles
> >
> >-----Original Message-----
> >From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> >Behalf Of Chris Ditri
> >Sent: Tuesday, October 16, 2001 8:33 AM
> >To: samba at lists.samba.org
> >Subject: directory mask = 2770
> >
> >
> >Hello everyone.
> >
> >I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a
> >directory mask of 2770 to everything created in a share.  The root
> >directory of this share already has these permissions.  I want to have it
> >so that everything created in a certain directory has the permissions of
> >the group of the creator.
> >
> >As it stands, I do have the directory mask = 2770 line in the smb.conf
> >regarding this share, and as I said, the 2770 permissions on the parent
> >directory (that I set manually).  Files created in this share wind up with
> >the perms of 770 instead of 2770, but do take the group of the parent
> >directory. BUT if someone creates a directory within that directory, the
> >perms are 770 and the group is not inherited from the parent.
> >
> >Now I know what you are thinking:  "Why doesn't he just use the 'force
> >group' setting." Suffice it to say, it doesn't suit my needs in this
> >instance.  If you want the long version, I can post that too, I just didn't
> >want to waste people's time.
> >
> >Can samba support a directory mask of 2770?  If so, what am I doing wrong?
> >
> >Thanks!
> >
> >
> >Chris
> >
> >A snippet of smb.conf:
> >
> >[share]
> >path=/share
> >browseable =no
> >force user = %U
> >create mask = 0770
> >directory mask = 2770
> >admin users = chrisd,kurtk,administrator,zena
> >valid users = chrisd,kurtk,administrator,zena,+homeshare
> >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 


               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^




More information about the samba mailing list