[Samba] file permissions with inherit permission + ACL's

Ralf Gross Ralf-Lists at ralfgross.de
Wed Apr 18 15:45:11 GMT 2007


Hi,

I have a share (testshare) to which different Unix groups (testgroup1,
testgroup2) should have access. But I want new files to be created
only with 660 permissions.

Here are the ACLs of testshare:

# file: testshare
# owner: ralfgro
# group: ve
user::rwx
group::rwx
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

I created a new directory and a new file in this share.

drwxrws---+ 2 ralfgro ve    6 2007-04-18 17:28 testdir
-rwxrwx---+ 1 ralfgro ve    0 2007-04-18 17:28 testfile.txt


# file: testdir
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

The permissions of this new directory are fine. But new files should be
created with 660 permissions, not 770.

# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---



This is the relevant part of smb.conf:

[testshare]
        force create mode = 0660
        create mask = 0660
        force directory mode = 2770
        directory security mask = 2770
        force directory security mode = 0000
        directory mask = 2770
        force security mode = 0000
        security mask = 0770
        inherit acls = yes
        inherit permissions = yes
        map archive = no
        map system = no
	...

Some of the options might be needless now, but I needed them as I
used 'force group = ...' instead of 'inherit permissions'.


I already played with the default mask ACL, but then I always ended up with no
executable bit on files _and_ directories, which denies access to the newly
created directories...

Any ideas?

Ralf
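
How the getfacl listings in the message above relate to the mode bits that ls prints, as an added example that is not part of the original post: on a file with an extended POSIX ACL the group digit of the mode is the mask:: entry, not group::, and each named group is limited by that mask. The function names are hypothetical, and the sample input is the testfile.txt listing from the message.

```python
BITS = {"r": 4, "w": 2, "x": 1}
BASE = {("user", ""), ("other", ""), ("mask", "")}

# Sample input: the testfile.txt listing quoted in the message.
TESTFILE_ACL = """\
# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return {(tag, qualifier): bits} for access entries; skip comments and default: lines."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")[:3]
        entries[(tag, qualifier)] = sum(BITS[c] for c in perms[:3] if c in BITS)
    return entries

def mode_bits(entries):
    """Mode as ls/stat report it: the group digit is the mask when a mask entry exists."""
    group_class = entries.get(("mask", ""), entries[("group", "")])
    return entries[("user", "")] << 6 | group_class << 3 | entries[("other", "")]

def effective(entries):
    """Effective rights of group:: and every named entry (entry AND mask)."""
    mask = entries.get(("mask", ""), 7)
    return {f"{t}:{q}": p & mask for (t, q), p in entries.items() if (t, q) not in BASE}

def apply_chmod(entries, mode):
    """What chmod does to an ACL: rewrite user::, mask:: and other::, keep the rest."""
    changed = dict(entries)
    changed[("user", "")] = (mode >> 6) & 7
    changed[("mask", "")] = (mode >> 3) & 7
    changed[("other", "")] = mode & 7
    return changed

if __name__ == "__main__":
    acl = parse_getfacl(TESTFILE_ACL)
    print(oct(mode_bits(acl)), effective(acl))
    print(effective(apply_chmod(acl, 0o660)))
```

With mode 660 the named entries stay rwx in the ACL but their effective rights drop to rw-, because only the mask changes.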
