[Samba] Permissions of new files on samba with other read on.
Jocelyn Diaz
jiromic at yahoo.com
Sun Jun 14 00:11:25 GMT 2009
Daniele Palumbo <daniele at retaggio.net> wrote:
>hi.
>
>I have troubles of global readable bit on new file created on samba.
>I wish to have a 660 permission on new files, instead i've got 664.
>
>also, if i create an empty files it will get 644 permmission, instead of 660.
>
>directory creation instead seems fine.
>
>Below my environmnent and tests.
>pointing to samba docs or bugs, open or closed, are REALLY welcome.
>
>----
>environment:
>Server: Debian Lenny, kernel 2.6.26-2-xen-686, samba 2:3.2.5-4lenny2
>
>Client: Ubuntu Jaunty, kernel 2.6.28-11-generic, smbclient 2:3.3.2-1ubuntu3,
>/sbin/modinfo /lib/modules/`uname -r`/kernel/fs/cifs/cifs.ko
>filename: /lib/modules/2.6.28-11-generic/kernel/fs/cifs/cifs.ko
>version: 1.55
>
>Share:
>---
>[produzione]
> comment = Reparto Produzione
> path = /home/samba/groups/produzione
> valid users = @ntadmin, @produzione, @direzione, @tecnico, @prototipi,
>@acquisti, @ced, @magazzino
> write list = @ntadmin, @produzione, @acquisti, dpalumbo
> force group = produzione
> create mask = 0660
> force create mode = 0660
> directory mask = 0770
> force directory mode = 0770
>
>[ced]
> comment = CED
> path = /home/samba/groups/ced
> valid users = @ntadmin, @ced, @direzione
> write list = @ntadmin, @ced
> force group = ced
> create mask = 0660
> force create mode = 0660
> directory mask = 0770
> force directory mode = 0770
>---
>
>jaunty fstab:
>---
>//srv01.cemindustries.it/produzione /media/produzione cifs
>rw,credentials=/etc/credentials,_netdev,umask 1 2
>//srv01.cemindustries.it/ced /media/ced cifs
>rw,credentials=/etc/credentials,_netdev,umask 1 2
>---
>jaunty (grep) /etc/group
>--
>ced:x:1009:
>produzione:x:1012:
>--
>
>jaunty (grep) /etc/passwd
>--
>daniele:x:1043:1009:daniele,,,:/home/daniele:/bin/bash
>--
>daniele at daniele-desktop:~$ umask
>0022
>daniele at daniele-desktop:~$
>
>Now,
>daniele at daniele-desktop:/media/produzione$ ls -l
>totale 56
>-rw-r--r-- 1 daniele produzione 0 2009-06-11 19:01 pippo
>-rw-r--r-- 1 daniele produzione 0 2009-06-11 19:01 pluto
>-rw-rw-rw- 1 1047 acquisti 51476 2009-03-27 17:10 programma
>produzione.pdf
>daniele at daniele-desktop:/media/produzione$
>
>daniele at daniele-desktop:/media/produzione$ vi gastone
>daniele at daniele-desktop:/media/produzione$ ls -l gastone
>-rw-rw-r-- 1 daniele produzione 3 2009-06-11 19:02 gastone
>daniele at daniele-desktop:/media/produzione$
>
>daniele at daniele-desktop:/media/ced$ ls -l topolino minnie
>-rw-rw-r-- 1 daniele ced 4 2009-06-11 19:02 minnie
>-rw-r--r-- 1 daniele ced 0 2009-06-11 19:02 topolino
>daniele at daniele-desktop:/media/ced$
>
>Therefore, if i create an empty file the write group bit ----w---- is not on.
>instead, if the file have some content, the permission will be fine.
>
>In both cases i have the other read bit on ------r--, and this is really bad
>because i do not want it.
>I can imagine that if i force the group to 'produzione', and the user is not
>on that group, the created file can have this bit.
>I cannot understand why this happens in [ced], because the primary gid of the
>user is ced as shown before.
>
>This is an extract log for directories:
>
>daniele at daniele-desktop:/media/produzione$ mkdir paperina
>daniele at daniele-desktop:/media/produzione$ ls -ld paperina
>drwxrwx--- 2 daniele produzione 0 2009-06-11 19:03 paperina
>daniele at daniele-desktop:/media/produzione$ cd ../ced
>daniele at daniele-desktop:/media/ced$ mkdir paperino
>daniele at daniele-desktop:/media/ced$ ls -ld paperino/
>drwxrwx--- 2 daniele ced 0 2009-06-11 19:03 paperino/
>
>So they are just fine.
>
>daniele at daniele-desktop:/media/ced$ cd paperino/
>daniele at daniele-desktop:/media/ced/paperino$ touch qui
>daniele at daniele-desktop:/media/ced/paperino$ vi quo
>daniele at daniele-desktop:/media/ced/paperino$ vi qua
>daniele at daniele-desktop:/media/ced/paperino$ ls -l
>totale 4
>-rw-rw-r-- 1 daniele ced 4 2009-06-11 19:04 qua
>-rw-r--r-- 1 daniele ced 0 2009-06-11 19:04 qui
>-rw-r--r-- 1 daniele ced 0 2009-06-11 19:04 quo
>daniele at daniele-desktop:/media/ced/paperino$
>
>Files in just created directories suffer from the "bug" bescribed above.
>
>any hints?
>
>Thanks a lot
>d.
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list