directory mask = 2770

Charles Marcus CharlesM at
Tue Oct 16 12:14:04 GMT 2001

Ah, the lightbulb just went on!  I think...

I haven't had to time to go do any of the suggested reading, but...

Just so I'm clear - this works both for directory masks as well as
permissions?  For example, if I wanted the directory mask to set the uid and
gid for all files created to the same as is currently held by the directory,
then I would set this bit to 6?

Also, this bit is cumulative, just like the others, correct?  If so, then I
get those two, but I'll still have to go read about how/when to use the
sticky bit.

Thanks Chris!


-----Original Message-----
From: samba-admin at [mailto:samba-admin at]On
Behalf Of Chris Ditri
Sent: Tuesday, October 16, 2001 10:12 AM
To: samba at
Subject: RE: directory mask = 2770


The first digit, in this case '2' sets the directory guid.

Since I'm sure that means nothing to you (It didn't to me at first!), I
will explain a little further.

When the guid is set the file in question, if executed, is executed as if
you were a member of that file's group.  (Rember, every file has a user and
group associated with it, do an "ls -l" anywhere in Unix, and you will see
this).  The effect that this has upon directories is this:  every file
created underneath that directory takes the group of the parent directory.

For an experiment, try this:
# touch hello
# ls -l hello
         (the output is something like:  -rwxr-xr-x hello)
# chmod 2770 hello
# ls -l hello
         (the output is something like:          -rwxrws--- hello)

Notice the 's'.  that means the guid (group user id) is set.

You can also set perms to 4XXX (e.g. 4770) to set the user ID (set uid or
This executes a file as if you were that user.

Play with it, it is cool, but be careful when setting SUID for root!  It
can cause security issues.


At 08:48 AM 10/16/2001 -0400, you wrote:
>May I ask a ridiculously stupid question?
>I have seen this four digit mask many times, but I am only familiar with
>function of the last three digits - what in the heck is the first digit
>-----Original Message-----
>From: samba-admin at [mailto:samba-admin at]On
>Behalf Of Chris Ditri
>Sent: Tuesday, October 16, 2001 8:33 AM
>To: samba at
>Subject: directory mask = 2770
>Hello everyone.
>I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a
>directory mask of 2770 to everything created in a share.  The root
>directory of this share already has these permissions.  I want to have it
>so that everything created in a certain directory has the permissions of
>the group of the creator.
>As it stands, I do have the directory mask = 2770 line in the smb.conf
>regarding this share, and as I said, the 2770 permissions on the parent
>directory (that I set manually).  Files created in this share wind up with
>the perms of 770 instead of 2770, but do take the group of the parent
>directory. BUT if someone creates a directory within that directory, the
>perms are 770 and the group is not inherited from the parent.
>Now I know what you are thinking:  "Why doesn't he just use the 'force
>group' setting." Suffice it to say, it doesn't suit my needs in this
>instance.  If you want the long version, I can post that too, I just didn't
>want to waste people's time.
>Can samba support a directory mask of 2770?  If so, what am I doing wrong?
>A snippet of smb.conf:
>browseable =no
>force user = %U
>create mask = 0770
>directory mask = 2770
>admin users = chrisd,kurtk,administrator,zena
>valid users = chrisd,kurtk,administrator,zena,+homeshare
>To unsubscribe from this list go to the following URL and read the
>To unsubscribe from this list go to the following URL and read the

To unsubscribe from this list go to the following URL and read the

More information about the samba mailing list