[Samba] Permissions of new files on samba with other read on.

Jocelyn Diaz jiromic at yahoo.com
Sun Jun 14 00:11:25 GMT 2009



Daniele Palumbo <daniele at retaggio.net> wrote:

>hi.
>
>I have trouble with the global readable bit on new files created on samba.
>I wish to have a 660 permission on new files, instead I've got 664.
>
>Also, if I create an empty file it will get 644 permission, instead of 660.
>
>Directory creation instead seems fine.
>
>Below are my environment and tests.
>Pointers to samba docs or bugs, open or closed, are REALLY welcome.
>
>----
>environment:
>Server: Debian Lenny, kernel 2.6.26-2-xen-686, samba 2:3.2.5-4lenny2
>
>Client: Ubuntu Jaunty, kernel 2.6.28-11-generic, smbclient 2:3.3.2-1ubuntu3, 
>/sbin/modinfo /lib/modules/`uname -r`/kernel/fs/cifs/cifs.ko
>filename:       /lib/modules/2.6.28-11-generic/kernel/fs/cifs/cifs.ko
>version:        1.55
>
>Share:
>---
>[produzione]
>        comment = Reparto Produzione
>        path = /home/samba/groups/produzione
>        valid users = @ntadmin, @produzione, @direzione, @tecnico, @prototipi, @acquisti, @ced, @magazzino
>        write list = @ntadmin, @produzione, @acquisti, dpalumbo
>        force group = produzione
>        create mask = 0660
>        force create mode = 0660
>        directory mask = 0770
>        force directory mode = 0770
>
>[ced]
>        comment = CED
>        path = /home/samba/groups/ced
>        valid users = @ntadmin, @ced, @direzione
>        write list = @ntadmin, @ced
>        force group = ced
>        create mask = 0660
>        force create mode = 0660
>        directory mask = 0770
>        force directory mode = 0770
>---
>
>jaunty fstab:
>---
>//srv01.cemindustries.it/produzione     /media/produzione       cifs    rw,credentials=/etc/credentials,_netdev,umask    1 2
>//srv01.cemindustries.it/ced     /media/ced       cifs    rw,credentials=/etc/credentials,_netdev,umask    1 2
>---
>jaunty (grep) /etc/group
>--
>ced:x:1009:
>produzione:x:1012:
>--
>
>jaunty (grep) /etc/passwd
>--
>daniele:x:1043:1009:daniele,,,:/home/daniele:/bin/bash
>--
>daniele at daniele-desktop:~$ umask
>0022
>daniele at daniele-desktop:~$ 
>
>Now, 
>daniele at daniele-desktop:/media/produzione$ ls -l
>totale 56
>-rw-r--r-- 1 daniele produzione     0 2009-06-11 19:01 pippo
>-rw-r--r-- 1 daniele produzione     0 2009-06-11 19:01 pluto
>-rw-rw-rw- 1    1047 acquisti   51476 2009-03-27 17:10 programma produzione.pdf
>daniele at daniele-desktop:/media/produzione$ 
>
>daniele at daniele-desktop:/media/produzione$ vi gastone
>daniele at daniele-desktop:/media/produzione$ ls -l gastone
>-rw-rw-r-- 1 daniele produzione 3 2009-06-11 19:02 gastone
>daniele at daniele-desktop:/media/produzione$   
>
>daniele at daniele-desktop:/media/ced$ ls -l topolino minnie
>-rw-rw-r-- 1 daniele ced 4 2009-06-11 19:02 minnie
>-rw-r--r-- 1 daniele ced 0 2009-06-11 19:02 topolino
>daniele at daniele-desktop:/media/ced$        
>
>Therefore, if I create an empty file the group write bit ----w---- is not on.
>Instead, if the file has some content, the permission will be fine.
>
>In both cases I have the other read bit on ------r--, and this is really bad
>because I do not want it.
>I can imagine that if I force the group to 'produzione', and the user is not
>in that group, the created file can have this bit.
>I cannot understand why this happens in [ced], because the primary gid of the
>user is ced as shown before.
>
>This is an extract log for directories:
>
>daniele at daniele-desktop:/media/produzione$ mkdir paperina
>daniele at daniele-desktop:/media/produzione$ ls -ld paperina
>drwxrwx--- 2 daniele produzione 0 2009-06-11 19:03 paperina
>daniele at daniele-desktop:/media/produzione$ cd ../ced
>daniele at daniele-desktop:/media/ced$ mkdir paperino
>daniele at daniele-desktop:/media/ced$ ls -ld paperino/
>drwxrwx--- 2 daniele ced 0 2009-06-11 19:03 paperino/
>
>So they are just fine.
>
>daniele at daniele-desktop:/media/ced$ cd paperino/
>daniele at daniele-desktop:/media/ced/paperino$ touch qui
>daniele at daniele-desktop:/media/ced/paperino$ vi quo
>daniele at daniele-desktop:/media/ced/paperino$ vi qua
>daniele at daniele-desktop:/media/ced/paperino$ ls -l
>totale 4
>-rw-rw-r-- 1 daniele ced 4 2009-06-11 19:04 qua
>-rw-r--r-- 1 daniele ced 0 2009-06-11 19:04 qui
>-rw-r--r-- 1 daniele ced 0 2009-06-11 19:04 quo
>daniele at daniele-desktop:/media/ced/paperino$ 
>
>Files in just created directories suffer from the "bug" described above.
>
>any hints?
>
>Thanks a lot
>d.

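Added example, not part of the original thread: a small checker that reads `ls -l` lines like the ones in the message above and reports which entries fall outside the share's mask settings. It relies on the smb.conf semantics that `create mask` is ANDed with the requested mode and `force create mode` is then ORed in; the names `FILE_POLICY`, `DIR_POLICY`, `symbolic_to_mode` and `audit_ls_lines` are hypothetical, and the sample lines are copied from the transcript.

```python
import re

# Share settings as posted for [produzione] and [ced].
FILE_POLICY = (0o660, 0o660)   # (create mask, force create mode)
DIR_POLICY = (0o770, 0o770)    # (directory mask, force directory mode)

# ls -l lines copied from the transcript in the message above.
SAMPLE = """\
totale 56
-rw-r--r-- 1 daniele produzione     0 2009-06-11 19:01 pippo
-rw-rw-rw- 1    1047 acquisti   51476 2009-03-27 17:10 programma produzione.pdf
-rw-rw-r-- 1 daniele produzione 3 2009-06-11 19:02 gastone
drwxrwx--- 2 daniele produzione 0 2009-06-11 19:03 paperina
""".splitlines()

LS_ENTRY = re.compile(
    r"^([-d])([rwx-]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+(.+)$")

def symbolic_to_mode(perms):
    """Convert the nine rwx characters of an ls -l line to an integer mode."""
    return sum(1 << (8 - i) for i, ch in enumerate(perms) if ch != "-")

def audit_ls_lines(lines, file_policy=FILE_POLICY, dir_policy=DIR_POLICY):
    """Return (name, mode, extra_bits, missing_bits) for entries outside policy.

    Samba computes (requested & mask) | force, so a compliant mode contains
    every force bit and nothing outside mask | force.
    """
    findings = []
    for line in lines:
        m = LS_ENTRY.match(line)
        if not m:
            continue  # "totale N", shell prompts, blank lines
        kind, perms, name = m.groups()
        mask, force = dir_policy if kind == "d" else file_policy
        mode = symbolic_to_mode(perms)
        extra = mode & ~(mask | force) & 0o777   # bits the mask should have removed
        missing = force & ~mode                  # bits the force mode should have set
        if extra or missing:
            findings.append((name.strip(), mode, extra, missing))
    return findings

if __name__ == "__main__":
    for name, mode, extra, missing in audit_ls_lines(SAMPLE):
        print(f"{name}: mode {mode:04o} extra {extra:03o} missing {missing:03o}")
```

Run against the sample, it flags `pippo` for both the other-read bit and the missing group-write bit, `gastone` and the PDF for bits granted to others, and passes the directory.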