[Samba] MacOSX 10.9.4 with Samba 4.1.11 and permissions weirdness

Bo Kersey bo at vircio.com
Tue Nov 18 17:25:12 MST 2014 

Dan,
I've seen this behavior before, but I'm trying to duplicate it now and I can't....
I have a share setup exactly as you do:

>>>>         create mask = 0660
>>>>         force create mode = 0660
>>>>         directory mask = 0770
>>>>         force directory mode = 0770
>>>>         nt acl support = no

And I'm copying files and directories to the share from OSX 10.10.1 and the file & directory permissions are as expected.  This is against sernet-samba 4.1.13.
I'm seeing SMB2 connections in wireshark between the Mac and the Samba server.

Am I missing something?

Thanks!
Bo




----- Original Message -----
> From: "Dan Mons" <dmons at cuttingedge.com.au>
> To: "samba" <samba at lists.samba.org>
> Sent: Sunday, November 16, 2014 3:51:03 PM
> Subject: Re: [Samba] MacOSX 10.9.4 with Samba 4.1.11 and permissions	weirdness

> Bumping this one last time in the hope that someone else has a fix or
> workaround.
> 
> Permissions and umasks are still a problem with MacOSX clients.
> create mask / force mask are ignored most of the time by MacOSX 10.8
> through to 10.10 clients, and that causes much pain.
> 
> This wasn't a problem in Samba3, as the various permission mask
> options were always enforced regardless of client stupidity.
> 
> -Dan
> 
> ----------------
> Dan Mons - R&D Sysadmin
> Cutting Edge
> http://cuttingedge.com.au
> 
> 
> On 28 August 2014 09:23, Dan Mons <dmons at cuttingedge.com.au> wrote:
>> Hi,
>>
>> Thanks for the reply.
>>
>> We've tried  "unix extensions = no", and it makes no changes to
>> permissions of folders being written.
>>
>> What it does do, however, is break the Mac's ability to make real
>> POSIX symlinks (instead we get those annoying Minshall+French symlinks
>> that don't work on other Linux systems).  As such, we've had to keep
>> "unix extensions = yes" as that's integral to how our Macs need to
>> work with the rest of our Linux systems.
>>
>> -Dan
>>
>> ----------------
>> Dan Mons
>> Unbreaker of broken things
>> Cutting Edge
>> http://cuttingedge.com.au
>>
>>
>> On 28 August 2014 08:46, Danilo Mussolini <danilo at mdotti.com> wrote:
>>> Try "unix extensions = no". I guess this will help you.
>>>
>>>
>>> Best,
>>>
>>>
>>>
>>>
>>> On Wed, Aug 27, 2014 at 6:59 PM, Dan Mons <dmons at cuttingedge.com.au> wrote:
>>>>
>>>> Hi folks,
>>>>
>>>> I'm running CentOS 6.5 on our storage nodes, with Samba 4.1.11 RPMs from
>>>> Sernet.
>>>>
>>>> We're having a strange issue with MacOSX clients (testing on 10.9.4)
>>>> when writing directories.
>>>>
>>>> Relevant smb.conf share portions:
>>>>
>>>>         create mask = 0660
>>>>         force create mode = 0660
>>>>         directory mask = 0770
>>>>         force directory mode = 0770
>>>>         nt acl support = no
>>>>
>>>> With these in place, any Mac client that copies a directory across
>>>> writes the permissions for a directory as (reported directly on the
>>>> Linux storage):
>>>>
>>>> u=rw
>>>> g=rwx
>>>> o=
>>>> i.e.: 0670
>>>>
>>>> The user loses the execute permission on directories, and can no
>>>> longer traverse directories or list their contents.
>>>>
>>>> When I replace the smb.conf portion with the following:
>>>>
>>>>         create mask = 0770
>>>>         force create mode = 0770
>>>>         directory mask = 0770
>>>>         force directory mode = 0770
>>>>         nt acl support = no
>>>>
>>>> Directories correctly get 0770 permissions on the Linux file system,
>>>> however so do regular files (I'm trying to avoid regular files getting
>>>> marked as executable for this particular data store).
>>>>
>>>> We have multiple sites and multiple data stores (two whopping big
>>>> Gluster stores, as well as some regular NAS units with standard local
>>>> storage), and the problem exists the same way on all of them.
>>>>
>>>> We began testing on Samba 4.1.9 originally, and it showed the same
>>>> behaviour.  I'm just wondering if anyone else has seen the same, or if
>>>> it's just MacOSX madness (which I'm willing to accept as the answer,
>>>> as MacOSX is anything but consistent with SMB).
>>>>
>>>> Previously on Samba 3.6.9 provided with CentOS 6, I would add the
>>>> following share options to solve Mac-specific weirdness:
>>>>
>>>>         #security mask = 0660
>>>>         #force security mode = 0660
>>>>         #directory security mask = 0770
>>>>         #force directory security mode = 0770
>>>>
>>>> These no longer work in Samba 4, and both the man pages and Samba wiki
>>>> reflect this change.  When I apply my Google-fu to this problem, these
>>>> options are what most people are suggesting, but again they're not
>>>> available to me.
>>>>
>>>> Cheers for any insight offered.
>>>>
>>>> -Dan
>>>>
>>>> ----------------
>>>> Dan Mons
>>>> Unbreaker of broken things
>>>> Cutting Edge
>>>> http://cuttingedge.com.au
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Bo Kersey 
VirCIO - managed network solutions 
4314 Avenue C 
Austin, TX 78751 
phone: (512)374-0500

More information about the samba mailing list