[Samba] mac client and inherited permissions
Charles Weber
chaweber at gmail.com
Thu Nov 19 09:58:52 MST 2009
Hi everyone,
We are a longtime samba/win desktop shop but are getting more Macs.
Samba sernet rpms 3.3.9 on CentOS 5.4 test box (started to test 3.43
but will wait) and I confirmed a problem I have been having in
production.
Server is ADS member with ldap stored idmap. All AD auth and idmap are
identical to production servers and have been working fine for years.
Filesystem is XFS and there are no acls applied in this test.
Problem:
Windows clients honor SGID and inherit/create mask statements. Mac
10.6.2 or 10.5.8 clients do not seem to.
Test share properties:
[ncts]
path = /share/ncts
valid users = "+NIH\NIA IRP ncts"
write list = "+NIH\NIA IRP ncts"
read only = No
acl group control = Yes
create mask = 0770
force create mode = 0770 ## added just for test
directory mask = 0770
force directory mode = 0770 ## added just for test
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
veto files = /*.m4a/*.mp3
veto oplock files = /*.mdb/*.MDB/*.fp?/*.FP?/*.tif/*.TIF/*.par/*.PAR/
*.xls/*.XLS/*.pst/*.PST/*.pab/*.PAB/
store dos attributes = Yes
dos filemode = Yes
share top level permissions:
drwxrws--- 8 root nia irp ncts 89 Nov 19 11:11 ncts
windows directory created from winxp current patchlevel:
drwxrws--- 2 weberc nia irp ncts 6 Nov 19 10:49 cwwin1
mac directories created from Mac:
cw[1-3] from 10.5.8
cwm6[2-3] from 10.6.2
drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 10:32 cw1
drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 10:39 cw2
drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 10:42 cw3
drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 11:03 cwm62
drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 11:11 cwm63
So the sgid does not get transmitted and even with the "force
directory mode" rights do not get set.
Any ideas about what I have missed?
Thanks,
Chuck
More information about the samba
mailing list