[Samba] folder permissions with Windows client, Samba server

Dale Schroeder dale at BriannasSaladDressing.com
Wed Mar 10 13:04:30 MST 2010

On 03/10/2010 1:12 PM, Jim Salter wrote:
> Hi list -
> I've been using Samba since 2.x in the early 2000s, and a papercut I 
> had eight years ago still plagues me today - when anyone on a Windows 
> client right-clicks a folder on a Samba share and tries to view or 
> change its permissions, it doesn't work right.  The folder appears to 
> have no permissions enabled for owner, group, or world (regardless of 
> what the permissions actually are - and in fact, the Windows user can 
> modify the folder or files in it without difficulty).

The user must click on the "Advanced" button on the Security tab to 
display and modify folder permissions.  Note that file permissions do 
appear on the Security tab.

>   Worse, if the Windows user attempts to SET permissions on the 
> folder, the folder will end up with a completely different (and 
> generally completely unusable) set of permissions; chmod 700 and chown 
> root, if I recall correctly - so then the hapless user who tried to 
> set permissions on a folder that he or she could access just fine is 
> locked out of that folder completely until someone shells into the 
> Samba server and resets permissions from the command line.
> I have seen this exact behavior on Samba 2.x / FreeBSD 4.x, 5.x, and 
> 6.x, both with and without ACLs enabled on the underlying filesystem, 
> and just this week when I set up a Samba 3.4.0 server from the Ubuntu 
> 9.10 repositories, successfully joined it to a Windows 2003 domain 
> with Kerberos working and Winbind mapping UIDs and GIDs properly... I 
> STILL had the problem with the Windows GUI for setting folder 
> permissions not mapping correctly!
> Is this something I just have to live with, or is there something I 
> don't understand about configuring Samba that would avoid this issue?

You can also fine-tune your default permissions.  Check into the inherit 
parameters for owner/group and mask/mode parameters for files and 


> The smb.conf for the Ubuntu server I mentioned just now is unchanged 
> from the default conf file shipping from the repository, with these 
> exceptions:
> ####### Authentication #######
>        security = ads
>        realm = DOMAIN.LOCAL
>        password server =
> # note that workgroup is the 'short' domain name
>        workgroup = DOMAIN
> #       winbind separator = +
>        idmap uid = 10000-20000
>        idmap gid = 10000-20000
>        winbind enum users = yes
>        winbind enum groups = yes
>        template homedir = /home/%D/%U
>        template shell = /bin/bash
>        client use spnego = yes
>        client ntlmv2 auth = yes
>        encrypt passwords = yes
>        winbind use default domain = yes
>        restrict anonymous = 2
> [smbshare]
>    comment = root of the Samba-accessible data storage
>    read only = no
>    writeable = yes
>    path = /data/smbshare
>    guest ok = no
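
An added example, not part of either poster's message or of the Samba project's documentation: a share stanza that sets the smb.conf inherit and mask/mode parameters the reply points to. The share name and path reuse the quoted [smbshare]; every value shown is an illustrative assumption, not a recommendation from the thread.

```ini
# Constructed example; values are assumptions chosen for a group-shared
# directory and must be adapted to the actual owner/group layout.
[smbshare]
   comment = root of the Samba-accessible data storage
   path = /data/smbshare
   read only = no
   guest ok = no

   # --- inherit parameters (each defaults to "no") ---
   # New files and directories take the owner of the parent directory
   # instead of the connecting user.
   inherit owner = yes
   # Honour the parent directory's default POSIX ACL when new files and
   # subdirectories are created (needs ACL support on the filesystem).
   inherit acls = yes
   # If set to yes, new objects take their mode from the parent directory
   # and the mask/mode settings below are ignored, so pick one approach.
   inherit permissions = no

   # --- mask/mode parameters ---
   # The mask is ANDed with the mode Samba derives for the new object,
   # then the force mode is ORed in. Defaults: create mask = 0744,
   # directory mask = 0755, both force modes = 0000.
   create mask = 0660
   force create mode = 0660
   directory mask = 0770
   force directory mode = 0770
```

Running `testparm -s` after editing shows the values Samba actually parsed for the share.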
