[Samba] Thunderbird 24.0 for Windows seems to ignore Samba4.0.9 permissions settings

Kevin Field kev at brantaero.com
Thu Sep 26 11:48:45 MDT 2013

On 2013-09-25 8:03 PM, Kevin Field wrote:
> On 2013-09-25 2:47 PM, Johan Hendriks wrote:
>> Kevin Field wrote:
>>> Hi,
>>> I have a CentOS 6.4 fileserver running SerNet Samba 4.0.9 with these
>>> global settings (not overridden):
>>>         read only = No
>>>         force create mode = 0777
>>>         force directory mode = 0777
>>>         inherit acls = yes
>>>         inherit owner = yes
>>>         inherit permissions = yes
>>> On a Windows client, I have Thunderbird 24.0 storing its profile and
>>> mail on the Samba share.  The perms on everything in the share were
>>> chmod -R 777'd.
>>> Then I get mail, compact a folder, whatever, and it looks like this:
> ...
>>> -rwxrwxrwx. 1 1128 513     2684 Sep 25 13:20 Templates.msf
>>> -rwxrwx---+ 1 1128 513        0 Sep 25 13:50 Trash
>>> -rwxrwx---+ 1 1128 513     2223 Sep 25 13:50 Trash.msf
>>> Whatever it touches is now 770.  How can that be, when the parent of
>>> this folder is 777, Samba is set to inherit and force 0777?  Is this
>>> Samba misbehaving, or Thunderbird?
>>> Thanks,
>>> Kev
>> It looks like the you have acl's active, hence the + after the
>> permissions rwxrwx---+ .
>> These acls overrule the local permissions set by samba.
>> Not samba not thundebird is misbehaving.
>> regards
>> Johan Hendriks
> I only partially understand.  I get that + means some extended ACLs.  I
> don't get why Samba/Thunderbird makes the file 770 instead of 777.  What
> I really don't get, though, is--since you mentioned ACLs I went and
> checked some example files in Windows--that despite the 777 files having
> "Everyone" with no settings, the 770 files have "Everyone" with "Full
> Control", not inherited!  I certainly didn't intend that for a user's
> mail profile :)  (Really though, I didn't set things up that way from
> the Windows side--this is someone's home drive, in which they have full
> control, and I didn't touch the defaults, but I certainly didn't put
> Everyone in there, and certainly not with Full Control.)
> Where did this come from?
> possibility a) smb.conf, in which case I don't understand the settings I
> posted here
> possibility b) ACLs set by me, which I can't see being the case because
> our setup is so simple*
> possibility c) ?
> * Now just in case, and barring any Group Policy suggestions, what's the
> easiest way to, either from Windows or Linux, set it up so that admins
> have Full Control over every file, and home drives additionally have
> Full Control of the user having the same name as the home dir, and the
> 'shared' drive has Everyone having Full Control?  So far, because our
> network is so small, I had done this manually in the past, but it's a
> bit of a PITA to do again at this point, since each user's home dir
> takes a few minutes to propagate ACL changes through if I use Windows
> GUI tools and meanwhile semi-hangs the UI.  I don't really care how the
> perms look on the Linux end of things, since users only have access via
> Windows clients.
>  From what you said about ACLs overruling, to me it would seem that our
> setup is simple enough that we shouldn't need "+"/Windows ACLs at all,
> because the normal unix ACLs are more than enough for our purposes,
> except that currently, Windows users don't get properly mapped, mainly
> because their Linux equivalents don't necessarily exist (e.g. for most
> users they don't have a CentOS login, but I do and the "users" group and
> such could map from "Domain Users", I guess.)  Or even if Linux perms
> were the same everywhere, and smb.conf enforced the rules so they came
> out right on the Windows side.  If someone could lay this out for me,
> I'd really find it helpful--I've been trying to make sense of the docs
> and tutorials and mailing lists and Q&A sites, and for what I would
> think is a fairly common setup, I can't seem to get something working
> without glitches for us.
> It's just that, somehow, since we recently switched home drives from
> W2K3 to Samba serving them up, this has suddenly started happening, and
> is somehow causing strange side effects like Thunderbird much more often
> deciding to rebuild summary files of mailboxes, and mail not coming in
> right away (perhaps due to an un-indicated summary rebuild conflicting
> with a too-often mail check), and, well, these strange permissions that
> we never had before appearing on most files that Thunderbird modifies.
> More help/hints/examples would be much appreciated :)
> Thanks Johan,
> Kev

As one of my users reports:

I updated to 24.0.
I went offline, then hit "Compact Folders" in the File menu.  (It 
appeared to compact all my folders.)
Then I rebooted my computer.

Now it is the afternoon, and 2 or 3 of my folders are Building Summary 
again !


This behaviour has only happened since switching from W2K3 to Samba for 
our home drives where Thunderbird profiles live.

What have I done wrong here?


More information about the samba mailing list