[Samba] DOS/Windows Archive bits, and file ownership

Craig White craigwhite at azapple.com
Thu Apr 6 23:44:20 GMT 2006

On Thu, 2006-04-06 at 15:46 -0700, Greg Sloop wrote:
> Preamble:
> I've done a lot of looking round news-group archives etc, and I haven't found a definitive answer on this question:
> My environment:
> Clients are all Windows boxes.
> Assume backup of the "share" is a Windows based client. It relies on
> the DOS Archive bit to determine Diff/Incr backup selections. (User
> Execute bit in Linux)
> Goal: Allow users to "own" their files and allow for "automagic"
> modification of the archive bit by non-owners of the file when they
> modify the file using the Windows application or by the backup
> application.
> Example:
> Joe creates a file called "JoeFile.txt"
> Joe is listed as the owner, but the group is "AdmGroup" for example.
> Fred is also a member of "AdmGroup"
> Thus, Fred can modify/delete/etc "JoeFile.txt"
> The problem comes when we look at the archive bit. 
> As above, Fred can modify "JoeFile.txt" even though he's not the
> owner, but he can't change permissions and modify the archive bit.
> Create mask on the share is: 770 (I know, 760 would be sufficient for just the archive bit, but I'll take the system bit too, a long as I'm here...)
> This will allow the owner to change the archive bits, but no-one else.
> I believe I've tested, albeit a while back, the "dos filemode" parameter too.
> IIRC, it would allow you to manually change the archive bits, by going
> and setting the properties directly - say via Windows Exploter.
> It wouldn't, however, allow for the applications, at least for those
> that I tested, to change the archive bits on files unless the user
> doing the modifications was also the owner.
> ---
> I have ways around this, by using "force user" for the whole share,
> but this really seems like a brute-force way to do things. It also
> makes it impossible to determine who really owns the files, and who is
> killing us on space - which always happens.
> Further, the force-user there are other reasons which I won't bore you
> with, why I don't care for "force user."
> ---
> So, is this a live-with-it, as-designed bug that I just have to work
> around, or is there some more elegant solution that I've not
> recognized yet? (Or, perhaps more likely, have I just missed something
> really stupid that I'm doing wrong.)
> If more details are required, I'll be glad to provide what's needed.
I think 'create mask' would give you what you want.

see the details for its usage in the man page for smb.conf


More information about the samba mailing list