[Samba] mac client and inherited permissions
Ryan Parker-Hill
ryan.parker-hill at deakin.edu.au
Thu Nov 19 15:33:45 MST 2009
Try setting unix extensions = no
unix extensions (G)
This boolean parameter controls whether Samba implments the CIFS
UNIX extensions, as defined by HP. These extensions enable Samba
to better serve UNIX CIFS clients by supporting features such as
symbolic links, hard links, etc... These extensions require a
similarly enabled client, and are of no current use to Windows
clients.
Mac's can try and be too smart for their own good.
On 20/11/2009, at 3:58 AM, Charles Weber wrote:
> Hi everyone,
> We are a longtime samba/win desktop shop but are getting more Macs.
> Samba sernet rpms 3.3.9 on CentOS 5.4 test box (started to test 3.43
> but will wait) and I confirmed a problem I have been having in
> production.
> Server is ADS member with ldap stored idmap. All AD auth and idmap are
> identical to production servers and have been working fine for years.
> Filesystem is XFS and there are no acls applied in this test.
>
> Problem:
> Windows clients honor SGID and inherit/create mask statements. Mac
> 10.6.2 or 10.5.8 clients do not seem to.
>
> Test share properties:
> [ncts]
> path = /share/ncts
> valid users = "+NIH\NIA IRP ncts"
> write list = "+NIH\NIA IRP ncts"
> read only = No
> acl group control = Yes
> create mask = 0770
> force create mode = 0770 ## added just for test
> directory mask = 0770
> force directory mode = 0770 ## added just for test
> inherit permissions = Yes
> inherit acls = Yes
> map acl inherit = Yes
> veto files = /*.m4a/*.mp3
> veto oplock files = /*.mdb/*.MDB/*.fp?/*.FP?/*.tif/*.TIF/*.par/*.PAR/
> *.xls/*.XLS/*.pst/*.PST/*.pab/*.PAB/
> store dos attributes = Yes
> dos filemode = Yes
>
> share top level permissions:
> drwxrws--- 8 root nia irp ncts 89 Nov 19 11:11 ncts
>
> windows directory created from winxp current patchlevel:
> drwxrws--- 2 weberc nia irp ncts 6 Nov 19 10:49 cwwin1
>
> mac directories created from Mac:
> cw[1-3] from 10.5.8
> cwm6[2-3] from 10.6.2
>
> drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 10:32 cw1
> drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 10:39 cw2
> drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 10:42 cw3
> drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 11:03 cwm62
> drwxr-xr-x 2 weberc nia irp ncts 6 Nov 19 11:11 cwm63
>
> So the sgid does not get transmitted and even with the "force
> directory mode" rights do not get set.
>
> Any ideas about what I have missed?
> Thanks,
> Chuck
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--------------
Ryan Parker-Hill, Unix Team Leader
Information Technology Services Division
Deakin University, Waterfront Campus, Victoria 3217 Australia.
Phone: 03 5227 8750 International: +61 3 5227 8750
Fax: 03 5227 8799 International: +61 3 5227 8799
E-mail: ryan.parker-hill at deakin.edu.au
Website: http://www.deakin.edu.au
Deakin University CRICOS Provider Code: 00113B (Vic), 02414F (NSW)
Important Notice: The contents of this email transmission, including any
attachments, are intended solely for the named addressee and are
confidential; any unauthorized use, reproduction or storage of the contents
and any attachments is expressly prohibited. If you have received this
transmission in error, please delete it and any attachments from your
system immediately and advise the sender by return email or telephone.
Deakin University does not warrant that this email and any attachments
are error or virus free.
More information about the samba
mailing list