[Samba] [SOLVED] Re: Samba 4, setgid & new file permissions

Tomáš Králík kralik at techsoft-eng.cz
Wed Aug 27 06:15:15 MDT 2014 

Hi,

so in the end, it seems like I solved it on my own. All I had to do was 
to add "vfs objects = posix_eadb" option into the config file so now the 
share definition looks like this.

[data]
         path = /data
         read only = No
         create mask = 660
         directory mask = 2770
         vfs objects = posix_eadb

So far so good, hopefully it will run alright in the future as well.

I hope this solution will help someone with the same problem.

Tomas


On 08/11/2014 10:49 AM, Tomáš Králík wrote:
> Hello everybody,
>
> I have a server with CentOS 6.5 (kernel version 
> 2.6.32-431.5.1.el6.x86_64) and Samba version 4.2.0pre1-GIT-4daf7d4. I 
> am using this server as a PDC and so far everything is working quite 
> alright.
>
> However, I have a problem with permissions of files I want to share. 
> Mostly it is working well. Samba respects group memberships, including 
> supplementary groups, ownership, etc. The only problem is that Samba 
> is not honoring the setgid bit. When I create a file or directory in 
> Windows, it belongs to the user who created it and the group they have 
> as their primaryGroupID attribute, even though the directory has the 
> setgid bit set. When I create the file using a shell command, the 
> right group ownership is set. Does anyone know any solution for this 
> problem?
>
> I am sharing a directory which is mounted as NFS on the PDC. The 
> fileserver's OS is SLES. However, I also tried to share some local 
> directory, set the setgid bit and the result was the same.
>
> And one more, less important problem. When I create a file in a shared 
> directory from Windows in a directory that has been previously created 
> in Linux, the permissions of the new file respect the mask set in 
> smb.conf. However, when I create a file in a directory that has been 
> created in Windows, the execution bit is set and ACLs are created. Is 
> it possible to configurate the permissions to honor the mask in the 
> config so the exec bit does not get set? I hope it is not too confusing.
>
> The share config in smb.conf is very simple.
>
> [data]
>         path = /data
>         read only = No
>         create mask = 660
>         directory mask = 2770
>
> Thank you very much in advance.
>
> Tomas Kralik

More information about the samba mailing list