[Samba] file permissions with inherit permission + ACL's
Ralf Gross
Ralf-Lists at ralfgross.de
Wed Apr 18 15:45:11 GMT 2007
Hi,
I have a share (testshare) where different unix groups (testgroup1,
testgroup2) should have access to. But I want that new files are only
created with 660 permissions.
Here are the ACL's of testshare:
# file: testshare
# owner: ralfgro
# group: ve
user::rwx
group::rwx
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---
I created a new directory and a new file in this share.
drwxrws---+ 2 ralfgro ve 6 2007-04-18 17:28 testdir
-rwxrwx---+ 1 ralfgro ve 0 2007-04-18 17:28 testfile.txt
# file: testdir
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---
The permissions of this new directory are fine. But new files should be
created with 660 permissions, not 770.
# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
This is the relevant part of smb.conf:
[testshare]
force create mode = 0660
create mask = 0660
force directory mode = 2770
directory security mask = 2770
force directory security mode = 0000
directory mask = 2770
force security mode = 0000
security mask = 0770
inherit acls = yes
inherit permissions = yes
map archive = no
map system = no
...
Some of the options might be needless now, but I needed them as I
used 'force group = ...' instead of 'inherit permissions'.
I already played with the default mask ACL, but then I always ended with no
executable bit on files _and_ directories which denies access to the new
created directories...
Any ideas?
Ralf
More information about the samba
mailing list