[Samba] file permissions with inherit permission + ACL's

Carlos Rivera-Jones carlos at sinu.com
Wed Apr 18 15:51:22 GMT 2007



"drwxrws---+ 2 ralfgro ve    6 2007-04-18 17:28 testdir"

2770 [drwxrws--] permissions will force inherit at the file level
system, ignoring Samba. Set the directory to 0770 permissions, and new
items would be created with 660 as per smb.conf

Other thing is to insure that the main group for the user is the same
for all users. 

Carlos

-----Original Message-----
From: Ralf Gross
Sent: Wednesday, April 18, 2007 11:45 AM

default:other::---

I created a new directory and a new file in this share.

drwxrws---+ 2 ralfgro ve    6 2007-04-18 17:28 testdir
-rwxrwx---+ 1 ralfgro ve    0 2007-04-18 17:28 testfile.txt


# file: testdir
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

The permissions of this new directory are fine. But new files should be
created with 660 permissions, not 770.

# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---



This is the relevant part of smb.conf:

[testshare]
        force create mode = 0660
        create mask = 0660
        force directory mode = 2770
        directory security mask = 2770
        force directory security mode = 0000
        directory mask = 2770
        force security mode = 0000
        security mask = 0770
        inherit acls = yes
        inherit permissions = yes
        map archive = no
        map system = no
	...

Some of the options might be needless now, but I needed them as I used
'force group = ...' instead of 'inherit permissions'.


I already played with the default mask ACL, but then I always ended with
no executable bit on files _and_ directories which denies access to the
new created directories... 

Any ideas?

Ralf
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list