[Samba] 'inherit owner' doesn't play nice with 'force directory mode'

jw jwdevel at gmail.com
Mon Aug 17 23:48:04 MDT 2009


Hello
I am trying to create a 'dropbox' share, using the sticky bit and
'inherit owner'.

By themselves they work, but when a directory is created in this
share, its permissions are not quite what I need.
Therefore, I try to use 'force directory mode' or 'inherit permissions'.
However, whenever I do that, the owner on the newly-created directory
is no longer correct w/regard to 'inherit owner'.

Is this correct behavior, or a bug?

Here are details:

The directory I'm sharing:
   drwsrwsr-t  2 nobody  sambaguest   512 Aug 17 22:18 myshare

My smb.config (well, the relevant part):

# ... snip
  guest account = sambaguest
# ... snip
[myshare]
 comment = my share
 path = /path/to/myshare
 public = yes
 read only = no
 writable = yes
 browseable = yes
 printable = no
 inherit owner = yes
 #inherit permissions = yes
 #directory mode = 3770
 #force directory mode = 3770

As it is written above, when I create a directory from a Windows box
it looks like:

   drwxr-xr-x  2 nobody  sambaguest  512 Aug 17 22:19 New Folder

Correct ownership but I want group write and the sticky bit to be set,
as in the parent directory.
So I uncomment 'inherit permissions', create another directory, and get:

   drwxr-xr-x  2 nobody  sambaguest  512 Aug 17 22:26 New Folder (2)

No change. Anyone know why inherit permissions would have no effect here?
I would expect the sticky bit, sgid, and the group-write of the parent
directory to apply to the new directory.

So I comment 'inherit permissions' back out, and instead try the pair
of lines with 'directory mode' and 'force directory mode'.
Then a newly created dir looks like:

   drwxrwsr-t  2 sambaguest  sambaguest  512 Aug 17 22:32 New Folder (3)

ARG! Perfect permissions, but the user is wrong, which lets people
modify (rename, delete, etc) the directory. Normally, the sticky bit
would prevent this since the owner would be 'nobody'. But now the
owner is 'sambaguest', so users can wreak havoc on these newly created
dirs...

Can anybody explain to me what I'm missing?
I have researched this a bit and tried various things, but nothing has
worked so far...

This is Samba 3.3.6 on FreeBSD 7.2-RELEASE

Thanks,
John
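
Added example, not part of the original post: a small Python check that applies the sticky-bit rename/delete rule to the three listings quoted above and reports which new directories the guest account could remove. It assumes the guest connects as Unix user sambaguest whose only group is sambaguest; ACLs and root are not modelled, and the function names are illustrative.

```python
import re
from typing import NamedTuple

# Listing lines copied from the post; the share directory itself comes first.
PARENT = "drwsrwsr-t  2 nobody  sambaguest   512 Aug 17 22:18 myshare"
CHILDREN = [
    "drwxr-xr-x  2 nobody  sambaguest  512 Aug 17 22:19 New Folder",
    "drwxr-xr-x  2 nobody  sambaguest  512 Aug 17 22:26 New Folder (2)",
    "drwxrwsr-t  2 sambaguest  sambaguest  512 Aug 17 22:32 New Folder (3)",
]

LS_RE = re.compile(
    r"^(?P<mode>[-dl][-rwxsStT]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+)$"
)

class Entry(NamedTuple):
    mode: str
    owner: str
    group: str
    name: str

def parse_ls(line):
    m = LS_RE.match(line.strip())  # the name may contain spaces
    if m is None:
        raise ValueError(f"unrecognised listing line: {line!r}")
    return Entry(**m.groupdict())

def can_write(d, user, groups):
    """True if user has write and search permission on directory d."""
    if user == d.owner:
        bits = d.mode[1:4]
    elif d.group in groups:
        bits = d.mode[4:7]
    else:
        bits = d.mode[7:10]
    return bits[1] == "w" and bits[2] in ("x", "s", "t")

def can_remove(parent, child, user, groups):
    # Sticky rule: only the owner of the entry or of the directory may
    # rename or delete an entry inside a sticky directory.
    if not can_write(parent, user, groups):
        return False
    return parent.mode[9] not in ("t", "T") or user in (child.owner, parent.owner)

def audit(parent_line, child_lines, user, groups):
    """Names of entries that user could rename or delete."""
    parent = parse_ls(parent_line)
    entries = map(parse_ls, child_lines)
    return [e.name for e in entries if can_remove(parent, e, user, groups)]
```

Calling `audit(PARENT, CHILDREN, "sambaguest", {"sambaguest"})` returns only `New Folder (3)`, the directory that ended up owned by the guest account.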

