[Samba] mode & mask

lejeczek peljasz at yahoo.co.uk
Fri Mar 30 05:29:54 MDT 2012


actually it gets even more weird, from my perspective at least
maybe it all works but not for empty folders
if there are no subfolders then everyone authenticated has 
full control, can delete the folder
permissions seem to begin to apply as soon as some content 
ends up in the folder

but there is another thing

test\
     testA
         test.txt
     testB
         test.txt

if a user B was given, by means of a windows client, 
'Modify' permission over testB and then this user creates 
test.txt in this testB folder, then nobody has access to the 
file apart from listing it, cannot open/read it

testA remained intact, userA created testA and test.txt in 
it and everybody can open/read test.txt

it seems like at the point where windows acls are added, by 
adding a user/permission to folder, that newly created file 
by that added user gets unix acl like this

# file: testB\test.txt
# owner: my_Buser
# group: Domain\040Users
user::rwx
user:my_Buser:rwx
group::---
mask::rwx
other::---

whereas testA\test.txt has no ACLs yet, in other words has:

# owner: my_Auser
# group: Domain\040Users
user::rwx
group::r--
other::r--


how to tell samba to make it readable to the group, by 
default, at file creation time?

many thanks




On 30/03/12 11:30, lejeczek wrote:
> dear all
>
> trivial kind of question for which I do apologize, but 
> it's sort of puzzling
>
> in a share when a windows client creates something samba 
> sets it as 755, yet another user can still delete, in this 
> case a folder
>
> which part of configuration fixes it so it would behave as 
> expected?
>
> what I have by default is:
>
>         acl check permissions = Yes
>         acl group control = No
>         acl map full control = Yes
>         create mask = 0744
>         force create mode = 00
>         security mask = 0777
>         force security mode = 00
>         directory mask = 0755
>         force directory mode = 00
>         directory security mask = 0777
>         force directory security mode = 00
>         force unknown acl user = No
>         inherit permissions = No
>         inherit acls = No
>         inherit owner = No
>
> cheers
>
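
Added example, not part of the original post and not Samba code: a small evaluator that applies the POSIX.1e ACL access-check order to the two getfacl listings quoted in the message, showing why a group member cannot read testB\test.txt (the `group::---` entry decides, and the check never falls through to another class) while testA\test.txt stays readable. The function names are hypothetical, and that both users belong to "Domain Users" is an assumption.

```python
import re

# ACL text copied verbatim from the getfacl listings in the post above.
TESTB_ACL = r"""# file: testB\test.txt
# owner: my_Buser
# group: Domain\040Users
user::rwx
user:my_Buser:rwx
group::---
mask::rwx
other::---"""
TESTA_ACL = r"""# owner: my_Auser
# group: Domain\040Users
user::rwx
group::r--
other::r--"""

def unescape(s):
    # getfacl prints a space inside a name as the octal escape \040
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)

def parse_getfacl(text):
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"#\s*(owner|group):\s*(.+)", line)
        if m:
            acl[m.group(1)] = unescape(m.group(2))
        elif line and not line.startswith("#"):
            tag, qual, perms = line.split(":")[:3]
            acl["entries"].append((tag, unescape(qual), set(perms[:3]) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """POSIX.1e check order: owner, named user, group class, other."""
    want, e = set(want), acl["entries"]
    mask = next((p for t, q, p in e if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    if user == acl["owner"]:  # the owner entry is never masked
        return want <= next(p for t, q, p in e if t == "user" and not q)
    for t, q, p in e:
        if t == "user" and q == user:
            return want <= masked(p)
    grp = [p for t, q, p in e if t == "group" and (q or acl["group"]) in groups]
    if grp:  # a group match decides; "other" is not consulted afterwards
        return any(want <= masked(p) for p in grp)
    return want <= next(p for t, q, p in e if t == "other")

if __name__ == "__main__":  # assumption: my_Auser is a member of "Domain Users"
    print(allowed(parse_getfacl(TESTB_ACL), "my_Auser", {"Domain Users"}, "r"))
```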

