[Samba] 'inherit owner' doesn't play nice with 'force directory mode'

[Jeremy Allison]

On Wed, Aug 19, 2009 at 01:41:51PM -0700, jw wrote:
> On Wed, Aug 19, 2009 at 1:35 PM, Jeremy Allison<jra at samba.org> wrote:
> > On Wed, Aug 19, 2009 at 01:29:51PM -0700, jw wrote:
> >> On Wed, Aug 19, 2009 at 11:20 AM, Jeremy Allison<jra at samba.org> wrote:
> >> Would you mind showing me your full config for your working case, and
> >> the directory permissions / ownership on your share (privately, if you
> >> like) ?
> >
> > ls -ld /tmp/myshare
> >
> > drwsrwsr-t 3 nobody eng 4096 Aug 19 11:19 /tmp/myshare
> >
> > smb.conf stanza:
> >
> > [tmpperms]
> >        path = /tmp/myshare
> >        read only = no
> >        inherit owner = yes
> >        inherit permissions = yes
> >        directory mask = 07775
> >
> > I connect with smbclient and do "mkdir foo" and I get :
> >
> > ls -ld /tmp/myshare/foo/
> >
> > drwxrwsr-t 2 nobody eng 4096 Aug 19 11:19 /tmp/myshare/foo/
> 
> But by default, samba's guest account is 'nobody', right?
> So with what you have, if you create the directory with smbclient, I
> imagine you can rename it once it's created?
> I want to prevent that.
> That is why the config in my original email has
> 
>    guest account = sambaguest
> 
> Could you try on your side again with 'guest account' set to something
> other than 'nobody' ?
> Presumably an account that is still in the 'eng' group, so the group
> write permissions still allow you to create a new directory in the
> first place.

Well I'm creating the directory with a logged in user
of "jra", who is in the "eng" group. I don't think the
setting of the guest account has anything to do with
it as I'm not logging in as guest at all.

Jeremy