[Samba] Profile directories ignore directory mask
Joseph Mesterhazy
jmesterh at iastate.edu
Wed Jul 28 15:52:12 GMT 2004
Hello,
We are running Samba 3.0.4 in ADS mode with winbind. We use roaming
profiles, stored in the [homes] share for each user in a directory
called .ntprofile. This same home directory is used for their UNIX
account. For some reason, when windows creates the roaming profile
directory (.ntprofile) it gets created with permissions 771. This is
bad, because all of our users are members of the group 'users'. This
means our users, when logged into any UNIX machine, can poke at and
modify the contents of each others profiles.
We thought we had taken care of this with the 'directory mask'
parameter. Indeed, if a user creates a new folder in their home
directory from a windows machine, it gets the proper 711 permissions.
However, for some reason, when windows creates the profile, it gets 771
permissions.
Here is our [homes] directive:
[homes]
path = /export/home/%U
read only = no
browseable = no
create mask = 0711
directory mask = 0711
valid users = %U
profile acls = yes
hide files = /DESKTOP.INI/desktop.ini/Desktop.ini
dos filemode = yes
force security mode = 0200
Is there some way to make sure that when windows creates the profile,
it gets 711 permissions instead of 771?
Thanks,
Joe
--
Joe Mesterhazy
ECpE UNIX Administrator
2101 Coover Hall, Iowa State University
Ames, IA 50011. (515) 294-7359
http://www.mesterhazy.net/
More information about the samba
mailing list