[Samba] force group behaviour changed in 3.5.9

Roel van Meer rolek at bokxing.nl
Thu Sep 15 03:58:51 MDT 2011

Hi list,

beginning with samba 3.5.9, the behaviour or effects of the "force group" 
parameter changed. The change is that with my config I can create new files 
on the share but I can no longer delete (or rename) those files. With 3.5.8, 
I could create and delete them.

The setup is as follows:

        path = /webshare
        force group = www
        create mask = 0664
        force create mode = 0664
        directory mask = 0775
        force directory mode = 0775

drwxrwxr-x 2 root users 4096 2011-09-15 10:55 /webshare

Access is being done by user bob, who is in group users but not in www.

So I have a directory /webshare, which is owned by root:users, with 
permissions 0775. If user bob creates a file in this dir, it is owned by 
bob:www, wich permissions 0664 (as expected). With samba 3.5.8 and before 
bob could also delete this file again. With 3.5.9 and up (up to 3.6.0) the 
delete is rejected with Permission Denied.

That the delete is denied is correct if you look at the unix permissions on 
/webshare; this can be confirmed by either changing the permissions on that 
dir to 777 or the group to www; in both cases the delete is allowed.

What I don't understand is: if the delete is denied, why is it allowed to 
*create* files in this setup? It seems the change in 3.5.9 only affected 
checking permissions on delete and rename, but not on create.

Is this expected behaviour, am I missing something, or should I file it as a 

Best regards,


More information about the samba mailing list