[Samba] file and directory permissions?

Daniel Mader daniel.mader at imtek.uni-freiburg.de
Wed Oct 22 18:29:50 GMT 2008


Hello, 

we have a SLES 10SP2 setup with some collaboration shares distributed with 
Samba. In order to make sure files and folders on these shares are readable 
*and* writeable, the shares typically look like this:

[public]
	path = /home/01_public
	create mask = 740
	directory mask = 750
	force create mode = 220
	force directory mode = 770
	force group = optiker
	read list = zhang, @optiker
	write list = @optiker

With this, we want to have new or copied files to get -rw-rw---- and new or 
copied folders to get drwxrwx---.

This works OK for the Windows clients but the Unix-like clients (Linux and 
MacOSX) write files with -rwxrw-r--, which is a little different from what we 
expect. Folders are all right.

The file creation works for Linux and Mac boxes, too, when the global option 
"unix extensions = no" is set. Yet, this leads to some unwanted behavior on 
the unixoid clients: they can no longer see who created a file, and what the 
actual permissions really are...

So, the question is: how can we make sure that files and folders are created 
with certain permissions for all client platforms, and without disabling unix 
extensions?

Also, it does not help to use ACLs on the share parent folders since the file 
permissions are the same as above, then...

Any help is deeply appreciated!


What follows is the global section of the smb.conf, just in case.

[global]
	add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
	domain logons = Yes
	domain master = Yes
	hide dot files = yes
	hide special files = yes
	hosts allow = 127.0.0.1 192.168.173.0/24 132.230.0.0/16
	hosts deny = 0.0.0.0/0
	idmap backend = ldap:ldap://127.0.0.1
	ldap admin dn = cn=moadmin,dc=micro-optics,dc=uni
	ldap delete dn = No
	ldap group suffix = ou=gruppen
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=Machines
	ldap passwd sync = Yes
	ldap replication sleep = 1000
	ldap ssl = Start_tls
	ldap suffix = dc=micro-optics,dc=uni
	ldap timeout = 5
	ldap user suffix = ou=nutzer
	local master = Yes
	log level = 3
	logon drive = L:
	logon path = \\%L\%U\_msprofile
	logon script = logon.bat
	netbios name = rioja
	os level = 65
	passdb backend = ldapsam:ldap://127.0.0.1
	preferred master = Yes
	security = user
#	unix extensions = no
	wins support = Yes
	workgroup = micro-optics

[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/netlogon
	write list = root
	browsable = no
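As an added worked example (not part of the original post), the following script applies Samba's documented mode arithmetic, new mode = (mode requested by the client AND "create mask") OR "force create mode" (and likewise for directories), to the [public] share above and shows why Windows clients end up with -rw-rw---- / drwxrwx---. The smb.conf fragment embedded in it is constructed from the post; the requested modes 0666/0777 are the usual defaults assumed for a client that sends no explicit mode, and the note that Unix-extension clients bypass this arithmetic by setting their own POSIX mode is my reading of the symptom, not something the post confirms.

```python
import stat

# Constructed from the share section quoted in the post.
SHARE = """
[public]
	path = /home/01_public
	create mask = 740
	directory mask = 750
	force create mode = 220
	force directory mode = 770
	force group = optiker
"""


def parse_share(text):
    """Parse a single smb.conf share section into a dict of option -> string value."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def samba_mode(requested, mask, force):
    """Samba applies the mask with AND, then the force mode with OR."""
    return (requested & mask) | force


def effective_modes(opts, requested_file=0o666, requested_dir=0o777):
    """Return (file_mode, dir_mode) produced for a client that sends no explicit mode."""
    octal = lambda k: int(opts[k], 8)
    file_mode = samba_mode(requested_file, octal("create mask"), octal("force create mode"))
    dir_mode = samba_mode(requested_dir, octal("directory mask"), octal("force directory mode"))
    return file_mode, dir_mode


def describe(mode, is_dir=False):
    """Render a permission value the way ls -l would, e.g. -rw-rw----."""
    return stat.filemode((stat.S_IFDIR if is_dir else stat.S_IFREG) | mode)


if __name__ == "__main__":
    f, d = effective_modes(parse_share(SHARE))
    print("files      :", describe(f))           # -rw-rw----
    print("directories:", describe(d, True))     # drwxrwx---
    # A client that asks for an executable file keeps owner x (mask 740 allows it):
    print("0755 request:", describe(samba_mode(0o755, 0o740, 0o220)))  # -rwxrw----
```

The -rwxrw-r-- reported for Linux and Mac clients cannot be produced by this arithmetic at all (the 740 mask strips "other" read), which is why it is consistent with those clients setting the mode themselves through the Unix extensions rather than through the share's mask and force options.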

