[Samba] "force create mode" not enforced from linux client

Steve Snyder swsnyder at insightbb.com
Wed Dec 19 14:45:11 GMT 2007 

My Samba v3.0.25b (in CentOS v5.1) has the smb.conf shown below.  What
I'm seeing is that "force create mode" is not enforced when accessed by
a Linux CIFS client (Fedora 7).

On the server, user steve has a home directory of /home/steve, and the public
directory is /home/samba/public.

The shares are mounted from the client fstab like this:

//nemesis/steve  /mnt/cifs/myhome   cifs     credentials=/etc/fstab.cifs    0 0
//nemesis/public /mnt/cifs/public   cifs     credentials=/etc/fstab.cifs    0 0

This is the view of a file on this client:

$ ll testfile
-rw-r--r-- 1 steve users 21 2007-12-19 09:11 testfile

When this file is copied to either share its permissions should be
changed by the "force create mode" parameter in each share definition.

Now the test file is copied to each share.  I use the '-p' switch,
which preserves the timestamp and permissions.  The Samba server should
override these permissions as specified in each share, right?

$ cp -p testfile /mnt/cifs/myhome/
cp: setting permissions for `/mnt/cifs/myhome/testfile': Permission denied
$ cp -p testfile /mnt/cifs/public/
cp: cannot create regular file `/mnt/cifs/public/testfile': Permission denied

The copy correctly complains about the permissions, since they are
enforced on the server.  But look which permissions are enforced:

$ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile
-rwx------ 1 steve users 21 2007-12-19 09:11 /mnt/cifs/myhome/testfile
-rw--w--w- 1 steve users 21 2007-12-19 09:11 /mnt/cifs/public/testfile

Here we see that the user share has the permissions correctly enforced
while the public share does not (should be 666).

After deleting the copies on the server, I'll copy the files again, but
without the '-p' switch.

$ cp testfile /mnt/cifs/myhome/
$ cp testfile /mnt/cifs/public/
$ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile
-rwxr--r-- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/myhome/testfile
-rw-rw-rw- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/public/testfile

Now we see that the file on the user share has incorrect permissions
(should be 777) but the permissions on the public share are correctly
enforced.

Can someone please tell what it takes to actually enforce the
permissions specified by the "force create mode" parameter?

Thanks.

------------------------------------------------------------

[global]
   workgroup = TESTWG
   server string = Test Samba 3.0.2x

   interfaces = lo eth0
   bind interfaces only = True
   hosts deny = all
   hosts allow = 127.0.0.1 192.168.0.

   dns proxy = yes
   netbios name = nemesis
   name resolve order = hosts wins bcast
   wins support = yes

   max log size = 1024
   log file = /var/log/samba/%m.log

   security = user
   passdb backend = tdbsam
   null passwords = yes
   guest account = smbguest

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

   os level = 65
   local master = yes
   domain master = yes
   preferred master = yes

   time server = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[homes]
   comment = Home Directory
   path = %H
   valid users = %S
   create mask = 0700
   directory mask = 0700
   volume = %U
   writeable = Yes
   browseable = No
   hide dot files = Yes

[public]
   comment = All Users
   path = /home/samba/public
   create mask = 0666
   force create mode = 0666
   directory mask = 0777
   force directory mode = 0777
   guest ok = Yes
   writeable = Yes

More information about the samba mailing list