[Samba] OSX client, Linux server, permissions problem
Brian Gregorcy
brian.gregorcy at utah.edu
Mon Sep 29 20:14:00 GMT 2008
barsalou wrote:
> I've been using samba for some time and have always had a good experience.
>
> I decided to try and configure my home network to let all my computers
> talk to the samba share.
>
> I'm stuck on one part where my OSX client, when creating new
> files/directories, won't create them writeable by the group.
>
> I've tried what seems like every combination of directory mask, force
> directory mode, etc. but I'm unable to get the OSX client to create
> folders with 770 permissions on any newly created folders.
>
> What I'd like to do is find a way to "see" all the permission's that are
> getting applied to that directory when it is getting created.
>
> This isn't a production box, so I'm willing to try anything at the moment.
>
> The good news is that it does create new files and folders...just that
> other users can't modify them.
>
> I do have logging turned up, but do not know what I should be looking for.
>
> Scenario:
>
> Client - OSX 10.5
> Server - Ubuntu 7.04, XFS mounted /home, Samba 3.026a
>
>
> Share section of smb.conf
>
> [shared]
> path = /home/shared
> available = yes
> browseable = yes
> writable = yes
> create mask = 02770
> directory mask = 02770
> force group = +shared
>
>
> Testparm results (shared section)
> [shared]
> path = /home/shared
> force group = +shared
> read only = No
>
> Hope I didn't forget anything.
>
I know this doesn't help but we are seeing the same problem, I opened a bug with apple but so far have not heard
anything back. I also sent this email to this list awhile back and did not get a response, the copy of the email I sent
is below.
--Brian
> Hi all,
>
> We are having an issue when a user writes to there home directory the permissions change to 0600, instead of 0751 that
> we have been setting in smb.conf
>
> Here is a description of the problem:
>
>> reinstalled mac osx we have:
>>
>> 1) OS 10.5.0
>> I mounted <SAMBA SERVER> with Prof Sutherlands account
>> created the folder in 1703 --> test_reinstall
>> then copied a file to the new folder: About_Stacks.pdf
>>
>> The permissions on the server for the folder are:
>>
>> 1703 # pwd
>> /home/DOMAIN/00033394/public_html/1703
>> humboldt 1703 # ls -la
>> total 116
>> drwxr-s--x 10 00033394 apache 4096 Aug 15 15:18 .
>> drwxr-s--x 18 00033394 apache 4096 Aug 14 15:04 ..
>> -rwxr-s--x 1 00033394 apache 6148 Aug 14 14:55 .DS_Store
>> -rwxr-s--x 1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 CHEN_1703_files
>> -rwxr-s--x 1 00033394 apache 8868 Aug 14 13:49 Homework.html
>> drwxr-s--x 2 00033394 apache 155 Aug 14 13:49 Homework_files
>> -rwxr-s--x 1 00033394 apache 10300 Aug 14 13:49 Lectures.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Lectures_files
>> drwxr-s--x 2 00033394 apache 28 Aug 14 13:49 Media
>> -rwxr-s--x 1 00033394 apache 6326 Aug 14 13:49 Schedule.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Schedule_files
>> drwxr-s--x 3 00033394 apache 57 Aug 14 13:49 Scripts
>> -rwxr-s--x 1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Syllabus_files
>> -rwxr-s--x 1 00033394 apache 1963 Aug 14 13:49 feed.xml
>> -rwxr-s--x 1 00033394 apache 311 Aug 14 13:49 index.html
>> drwxr-s--x 2 00033394 apache 29 Aug 15 15:18 test_reinstall
>>
>>
>> test_reinstall # ls -la
>> total 304
>> drwxr-s--x 2 00033394 apache 29 Aug 15 15:19 .
>> drwxr-s--x 10 00033394 apache 4096 Aug 15 15:18 ..
>> -rwxr----- 1 00033394 apache 303444 Aug 15 15:01 About_Stacks.pdf
>>
>> This works I can view the page:
>> http://www.che.utah.edu/~sutherland/1703/test_reinstall/
>>
>> I am going to update the mac and see what happens
>
>
>> updated to 10.5.4
>>
>> created the folder: test_reinstall_10.5.4 and the copied the file About_Stacks.pdf to it.
>>
>> perms look like this:
>> 1703 # ls -la
>> total 116
>> drwxr-s--x 11 00033394 apache 4096 Aug 15 15:33 .
>> drwxr-s--x 18 00033394 apache 4096 Aug 14 15:04 ..
>> -rwxr-x--x 1 00033394 apache 6148 Aug 15 15:22 .DS_Store
>> -rwxr-s--x 1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 CHEN_1703_files
>> -rwxr-s--x 1 00033394 apache 8868 Aug 14 13:49 Homework.html
>> drwxr-s--x 2 00033394 apache 155 Aug 14 13:49 Homework_files
>> -rwxr-s--x 1 00033394 apache 10300 Aug 14 13:49 Lectures.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Lectures_files
>> drwxr-s--x 2 00033394 apache 28 Aug 14 13:49 Media
>> -rwxr-s--x 1 00033394 apache 6326 Aug 14 13:49 Schedule.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Schedule_files
>> drwxr-s--x 3 00033394 apache 57 Aug 14 13:49 Scripts
>> -rwxr-s--x 1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
>> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Syllabus_files
>> -rwxr-s--x 1 00033394 apache 1963 Aug 14 13:49 feed.xml
>> -rwxr-s--x 1 00033394 apache 311 Aug 14 13:49 index.html
>> drwxr-s--x 2 00033394 apache 29 Aug 15 15:19 test_reinstall
>> drwxr-xr-x 2 00033394 apache 29 Aug 15 15:33 test_reinstall_10.5.4
>>
>>
>> *Note that the sticky bit is gone and has been replaced the execute bit The perms on the file:
>> test_reinstall_10.5.4 # pwd
>> /home/DOMAIN/00033394/public_html/1703/test_reinstall_10.5.4
>> humboldt test_reinstall_10.5.4 # ls -la
>> total 304
>> drwxr-xr-x 2 00033394 apache 29 Aug 15 15:33 .
>> drwxr-s--x 11 00033394 apache 4096 Aug 15 15:33 ..
>> -rw------- 1 00033394 domain users 303444 Aug 15 15:01 About_Stacks.pdf
>>
>> apache is not the group and the perms are 0700, this page will not work. The
>> issue is that the mac is dropping the sticky bit and since the sticky bit is
>> gone the files are being created with the wrong perms.
>
>
> Here is my smb.conf
>
>> [global]
>> workgroup = DOMAIN
>> netbios name = SERVER
>> realm = REALM
>> server string = CHE file server
>> security = ADS
>> preferred master = no
>> client use spnego = yes
>> server signing = auto
>> encrypt passwords = yes
>> nt acl support = yes
>> acl map full control = yes
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> template shell = /bin/false
>> password server = DNS1 DNS2 *
>> log level = 3
>> log file = /var/log/samba/%m
>> max log size = 100
>> preferred master = No
>> dns proxy = No
>> wins server = WINS1 WINS2
>>
>> ; Winbind Settings
>> winbind cache time = 0
>> winbind nested groups = yes
>> allow trusted domains = No
>> idmap backend = idmap_rid:DOMAIN=500-100000000
>> idmap uid = 500-100000000
>> idmap gid = 500-100000000
>> template shell = /bin/bash
>> winbind use default domain = Yes
>> winbind separator = +
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind use default domain = yes
>> obey pam restrictions = yes
>> template homedir = /home/%D/%U
>> logon path = \\%L\profiles\%U\%a
>> logon drive = X:
>>
>> # For printers
>> printcap name = /dev/null
>> load printers = no
>> printing = bsd
>
>
>
>
>
>> [homes]
>> comment = Home Directories
>> valid users = %D+%U
>> path = /home/%D/%U
>> read only = no
>> browseable = no
>> root preexec = /etc/samba/mkhomedir.sh '%U'
>> writable = yes
>> directory mask = 0771
>> force directory mode = 0771
>> create mask = 0751
>> #security mask = 0771
>> inherit permissions = yes
>> veto files = /*.blessed/*.forward/*.bash_history/*.bash_logout/*.bash_profile/*.bashrc/
>> invalid users = bin daemon nobody named sys tty disk mem kmem users
>
>
More information about the samba
mailing list