[Samba] Fun with permissions

Mike Woods mike at equate-it.com
Wed Apr 1 15:06:01 GMT 2009

Firstly, hello! :)

I've been trying to set up a share with permissions to allow users within 
the web group to be able to put files up, have full access to their own 
files but read-only access to other users' files. I've got what I think 
should work, but it's not (hence this post).

The relevant section of the config is as follows:

    comment = Common Area
    writable = yes
    browseable = yes
    path = /Store/Shares/common
    vfs objects = recycle
    create mask = 0740
    directory mask = 0740
    valid users = @web
    force user = %U
    force group = web
    recycle:keeptree = Yes
    recycle:repository = TheBin
    recycle:noversions = *.doc|*.xls|*.ppt
    recycle:excludedir = /tmp|/temp|/cache
    recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??
    recycle:maxsize = 0
    recycle:versions = Yes
    recycle:touch = Yes

Within the web group there are users stuart and mike. I've been mounting 
common in two places (/mnt/tmp and /mnt/tmp2) under different users. 
When I create a file as stuart (bob.txt in tmp2) it gets created on the 
server with 0740 permissions and correct ownership; however, if I try to 
delete the file as mike (from tmp) it allows this even though mike 
should have only read permissions.

Am I missing something here (possibly something painfully obvious, as 
tends to be the way of things)?

This is all running on a Gentoo box (kernel 2.6.23-gentoo-r9) with 
Samba 3.0.33 and a FreeBSD 7.0 client (using mount_smbfs).

Mike Woods
Systems Administrator
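
Added example, not part of the original post: on a POSIX server, removing a file is authorised by the parent directory's write and search bits (plus the sticky bit), not by the file's own mode, so a 0740 file can be read-only to a group member and still deletable by them. The uids, gid and directory modes below are constructed, since the post does not give the mode of /Store/Shares/common; root and ACLs are left out of the model.

```python
import stat

def perm_class(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to this caller."""
    if uid == owner_uid:
        return (mode >> 6) & 7      # owner class wins, even if stricter
    if owner_gid in gids:
        return (mode >> 3) & 7      # group class
    return mode & 7                 # other class

def can_write(file_mode, file_uid, file_gid, uid, gids):
    """Changing a file's contents is governed by the file's own mode."""
    return bool(perm_class(file_mode, file_uid, file_gid, uid, gids) & 2)

def can_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Unlink needs write+search on the parent directory; the file's
    mode is never consulted. With the sticky bit set on the directory,
    only the file owner or the directory owner may unlink."""
    bits = perm_class(dir_mode, dir_uid, dir_gid, uid, gids)
    if bits & 3 != 3:               # need w (2) and x (1) on the directory
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True

# Constructed sample identities: group "web" and its two members.
WEB_GID, STUART, MIKE, ROOT = 100, 1001, 1002, 0
FILE_MODE = 0o740                   # "create mask = 0740" from the post

def report(dir_mode):
    """bob.txt is owned by stuart:web; the directory by root:web (assumed)."""
    return {
        "mike_can_write": can_write(FILE_MODE, STUART, WEB_GID, MIKE, {WEB_GID}),
        "mike_can_delete": can_delete(dir_mode, ROOT, WEB_GID, STUART, MIKE, {WEB_GID}),
        "stuart_can_delete": can_delete(dir_mode, ROOT, WEB_GID, STUART, STUART, {WEB_GID}),
    }

if __name__ == "__main__":
    # group-writable, group-writable + sticky, group read/search only
    for mode in (0o770, 0o1770, 0o750):
        print(oct(mode), report(mode))
```

To compare against the real share, check the directory's actual mode on the server with `ls -ld` before reading anything into the file's 0740.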
