[Samba] "force create mode" not enforced from linux client
Steve Snyder
swsnyder at insightbb.com
Wed Dec 19 14:45:11 GMT 2007
My Samba v3.0.25b (in CentOS v5.1) has the smb.conf shown below. What
I'm seeing is that "force create mode" is not enforced when accessed by
a Linux CIFS client (Fedora 7).
On the server, user steve has a home directory of /home/steve, and the public
directory is /home/samba/public.
The shares are mounted from the client fstab like this:
//nemesis/steve /mnt/cifs/myhome cifs credentials=/etc/fstab.cifs 0 0
//nemesis/public /mnt/cifs/public cifs credentials=/etc/fstab.cifs 0 0
This is the view of a file on this client:
$ ll testfile
-rw-r--r-- 1 steve users 21 2007-12-19 09:11 testfile
When this file is copied to either share its permissions should be
changed by the "force create mode" parameter in each share definition.
Now the test file is copied to each share. I use the '-p' switch,
which preserves the timestamp and permissions. The Samba server should
override these permissions as specified in each share, right?
$ cp -p testfile /mnt/cifs/myhome/
cp: setting permissions for `/mnt/cifs/myhome/testfile': Permission denied
$ cp -p testfile /mnt/cifs/public/
cp: cannot create regular file `/mnt/cifs/public/testfile': Permission denied
The copy correctly complains about the permissions, since they are
enforced on the server. But look which permissions are enforced:
$ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile
-rwx------ 1 steve users 21 2007-12-19 09:11 /mnt/cifs/myhome/testfile
-rw--w--w- 1 steve users 21 2007-12-19 09:11 /mnt/cifs/public/testfile
Here we see that the user share has the permissions correctly enforced
while the public share does not (should be 666).
After deleting the copies on the server, I'll copy the files again, but
without the '-p' switch.
$ cp testfile /mnt/cifs/myhome/
$ cp testfile /mnt/cifs/public/
$ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile
-rwxr--r-- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/myhome/testfile
-rw-rw-rw- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/public/testfile
Now we see that the file on the user share has incorrect permissions
(should be 777) but the permissions on the public share are correctly
enforced.
Can someone please tell what it takes to actually enforce the
permissions specified by the "force create mode" parameter?
Thanks.
------------------------------------------------------------
[global]
workgroup = TESTWG
server string = Test Samba 3.0.2x
interfaces = lo eth0
bind interfaces only = True
hosts deny = all
hosts allow = 127.0.0.1 192.168.0.
dns proxy = yes
netbios name = nemesis
name resolve order = hosts wins bcast
wins support = yes
max log size = 1024
log file = /var/log/samba/%m.log
security = user
passdb backend = tdbsam
null passwords = yes
guest account = smbguest
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
os level = 65
local master = yes
domain master = yes
preferred master = yes
time server = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[homes]
comment = Home Directory
path = %H
valid users = %S
create mask = 0700
directory mask = 0700
volume = %U
writeable = Yes
browseable = No
hide dot files = Yes
[public]
comment = All Users
path = /home/samba/public
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
guest ok = Yes
writeable = Yes
More information about the samba
mailing list