[Samba] force group behaviour changed in 3.5.9
Roel van Meer
rolek at bokxing.nl
Thu Sep 15 03:58:51 MDT 2011
beginning with samba 3.5.9, the behaviour or effects of the "force group"
parameter changed. The change is that with my config I can create new files
on the share but I can no longer delete (or rename) those files. With 3.5.8,
I could create and delete them.
The setup is as follows:
path = /webshare
force group = www
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
drwxrwxr-x 2 root users 4096 2011-09-15 10:55 /webshare
Access is being done by user bob, who is in group users but not in www.
So I have a directory /webshare, which is owned by root:users, with
permissions 0775. If user bob creates a file in this dir, it is owned by
bob:www, wich permissions 0664 (as expected). With samba 3.5.8 and before
bob could also delete this file again. With 3.5.9 and up (up to 3.6.0) the
delete is rejected with Permission Denied.
That the delete is denied is correct if you look at the unix permissions on
/webshare; this can be confirmed by either changing the permissions on that
dir to 777 or the group to www; in both cases the delete is allowed.
What I don't understand is: if the delete is denied, why is it allowed to
*create* files in this setup? It seems the change in 3.5.9 only affected
checking permissions on delete and rename, but not on create.
Is this expected behaviour, am I missing something, or should I file it as a
More information about the samba