[Samba] 'inherit owner' doesn't play nice with 'force directory mode'
Liutauras Adomaitis
liutauras.adomaitis at gmail.com
Tue Aug 18 00:50:31 MDT 2009
On Tue, Aug 18, 2009 at 8:48 AM, jw<jwdevel at gmail.com> wrote:
> Hello
> I am trying to create a 'dropbox' share, using the sticky bit and
> 'inherit owner'.
>
> By themselves they work, but when a directory is created in this
> share, its permissions are not quite what I need.
> Therefore, I try to use 'force directory mode' or 'inherit permissions'.
> However, whenever I do that, the owner on the newly-created directory
> is no longer correct w/regard to 'inherit owner'.
>
> Is this correct behavior, or a bug?
>
> Here are details:
>
> The directory I'm sharing:
> drwsrwsr-t 2 nobody sambaguest 512 Aug 17 22:18 myshare
>
> My smb.config (well, the relevant part):
>
> # ... snip
> guest account = sambaguest
> # ... snip
> [myshare]
> comment = my share
> path = /path/to/myshare
> public = yes
> read only = no
> writable = yes
> browseable = yes
> printable = no
> inherit owner = yes
> #inherit permissions = yes
> #directory mode = 3770
> #force directory mode = 3770
>
> As it is written above, when I create a directory from a windows box
> it looks like:
>
> drwxr-xr-x 2 nobody sambaguest 512 Aug 17 22:19 New Folder
>
> Correct ownership but I want group write and the sticky bit to be set,
> as in the parent directory.
> So I uncomment 'inherit permissions', create another directory, and get:
>
> drwxr-xr-x 2 nobody sambaguest 512 Aug 17 22:26 New Folder (2)
>
> No change. Anyone know why inherit permissions would have no effect here?
> I would expect the sticky bit, sgid, and the group-write of the parent
> directory to apply to the new directory.
>
> So I comment 'inherit permissions' back out, and instead try the pair
> of lines with 'directory mode' and 'force directory mode'.
> Then a newly created dir looks like:
>
> drwxrwsr-t 2 sambaguest sambaguest 512 Aug 17 22:32 New Folder (3)
>
> ARG! Perfect permissions, but the user is wrong, which lets people
> modify (rename, delete, etc) the directory. Normally, the sticky bit
> would prevent this since the owner would be 'nobody'. But now the
> owner is 'sambaguest', so users can wreak havoc on these newly created
> dirs...
>
> Can anybody explain to me what I'm missing?
> I have researched this a bit and tried various things, but nothing has
> worked so far...
>
> This is Samba 3.3.6 on FreeBSD 7.2-RELEASE
>
> Thanks,
> John
> --
force user = nobody
maybe this could help you?
More information about the samba
mailing list