[Samba] MacOSX 10.9.4 with Samba 4.1.11 and permissions weirdness

Bo Kersey bo at vircio.com
Wed Nov 19 06:53:41 MST 2014 

Tried both tests.  The permissions on the folder ended up 0770 on the server and the perms on the file ended up 0660 as expected.
Additionally, once the files are on the server, I cannot adjust the permissions with the Mac at all.  The file info says custom perms.  If I try from the command line on the mount (/Volumes/test), I can't change perms either.  They seem to be locked with the settings in the share definition.


----- Original Message -----
> From: "Dan Mons" <dmons at cuttingedge.com.au>
> To: "Bo Kersey" <bo at vircio.com>
> Cc: "samba" <samba at lists.samba.org>
> Sent: Wednesday, November 19, 2014 12:06:00 AM
> Subject: Re: [Samba] MacOSX 10.9.4 with Samba 4.1.11 and permissions weirdness

> Hi Bo, thanks for the email.
> 
> What are the permissions on the files to start with (i.e.: on your mac
> client, before copying to the Samba share?).
> 
> Try making a local file, and chmod 400 that file, then copy it to the
> Samba server and see what happens.  Also try chmod 400 a file on your
> local system, and copying the parent folder (with the file in it) to
> the Samba server.
> 
> In particular, the "parent folder" one bites us frequently.  MacOSX
> does things like makes folders unwritable by the user if they've been
> downloaded form the Internet.  A common use case for us is admin staff
> downloading things from the Internet, copying them to our Samba
> servers, and then having the rest of our production users locked out
> of the files/folders as a result.   This is a daily occurrence for us
> at the moment, and is eating an enormous amount of helpdesk time.
> 
> As mentioned, the problem could be worked round with Samba3.  We would
> like to stick with Samba4 for the much faster SMB2/SMB3 protocol
> support, but it's proving impossible with MacOSX clients.
> 
> -Dan
> 
> 
> 
> ----------------
> Dan Mons - R&D Sysadmin
> Cutting Edge
> http://cuttingedge.com.au
> 
> 
> On 19 November 2014 10:25, Bo Kersey <bo at vircio.com> wrote:
>> Dan,
>> I've seen this behavior before, but I'm trying to duplicate it now and I
>> can't....
>> I have a share setup exactly as you do:
>>
>>>>>>         create mask = 0660
>>>>>>         force create mode = 0660
>>>>>>         directory mask = 0770
>>>>>>         force directory mode = 0770
>>>>>>         nt acl support = no
>>
>> And I'm copying files and directories to the share from OSX 10.10.1 and the file
>> & directory permissions are as expected.  This is against sernet-samba 4.1.13.
>> I'm seeing SMB2 connections in wireshark between the Mac and the Samba server.
>>
>> Am I missing something?
>>
>> Thanks!
>> Bo
>>
>>
>>
>>
>> ----- Original Message -----
>>> From: "Dan Mons" <dmons at cuttingedge.com.au>
>>> To: "samba" <samba at lists.samba.org>
>>> Sent: Sunday, November 16, 2014 3:51:03 PM
>>> Subject: Re: [Samba] MacOSX 10.9.4 with Samba 4.1.11 and permissions  weirdness
>>
>>> Bumping this one last time in the hope that someone else has a fix or
>>> workaround.
>>>
>>> Permissions and umasks are still a problem with MacOSX clients.
>>> create mask / force mask are ignored most of the time by MacOSX 10.8
>>> through to 10.10 clients, and that causes much pain.
>>>
>>> This wasn't a problem in Samba3, as the various permission mask
>>> options were always enforced regardless of client stupidity.
>>>
>>> -Dan
>>>
>>> ----------------
>>> Dan Mons - R&D Sysadmin
>>> Cutting Edge
>>> http://cuttingedge.com.au
>>>
>>>
>>> On 28 August 2014 09:23, Dan Mons <dmons at cuttingedge.com.au> wrote:
>>>> Hi,
>>>>
>>>> Thanks for the reply.
>>>>
>>>> We've tried  "unix extensions = no", and it makes no changes to
>>>> permissions of folders being written.
>>>>
>>>> What it does do, however, is break the Mac's ability to make real
>>>> POSIX symlinks (instead we get those annoying Minshall+French symlinks
>>>> that don't work on other Linux systems).  As such, we've had to keep
>>>> "unix extensions = yes" as that's integral to how our Macs need to
>>>> work with the rest of our Linux systems.
>>>>
>>>> -Dan
>>>>
>>>> ----------------
>>>> Dan Mons
>>>> Unbreaker of broken things
>>>> Cutting Edge
>>>> http://cuttingedge.com.au
>>>>
>>>>
>>>> On 28 August 2014 08:46, Danilo Mussolini <danilo at mdotti.com> wrote:
>>>>> Try "unix extensions = no". I guess this will help you.
>>>>>
>>>>>
>>>>> Best,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Aug 27, 2014 at 6:59 PM, Dan Mons <dmons at cuttingedge.com.au> wrote:
>>>>>>
>>>>>> Hi folks,
>>>>>>
>>>>>> I'm running CentOS 6.5 on our storage nodes, with Samba 4.1.11 RPMs from
>>>>>> Sernet.
>>>>>>
>>>>>> We're having a strange issue with MacOSX clients (testing on 10.9.4)
>>>>>> when writing directories.
>>>>>>
>>>>>> Relevant smb.conf share portions:
>>>>>>
>>>>>>         create mask = 0660
>>>>>>         force create mode = 0660
>>>>>>         directory mask = 0770
>>>>>>         force directory mode = 0770
>>>>>>         nt acl support = no
>>>>>>
>>>>>> With these in place, any Mac client that copies a directory across
>>>>>> writes the permissions for a directory as (reported directly on the
>>>>>> Linux storage):
>>>>>>
>>>>>> u=rw
>>>>>> g=rwx
>>>>>> o=
>>>>>> i.e.: 0670
>>>>>>
>>>>>> The user loses the execute permission on directories, and can no
>>>>>> longer traverse directories or list their contents.
>>>>>>
>>>>>> When I replace the smb.conf portion with the following:
>>>>>>
>>>>>>         create mask = 0770
>>>>>>         force create mode = 0770
>>>>>>         directory mask = 0770
>>>>>>         force directory mode = 0770
>>>>>>         nt acl support = no
>>>>>>
>>>>>> Directories correctly get 0770 permissions on the Linux file system,
>>>>>> however so do regular files (I'm trying to avoid regular files getting
>>>>>> marked as executable for this particular data store).
>>>>>>
>>>>>> We have multiple sites and multiple data stores (two whopping big
>>>>>> Gluster stores, as well as some regular NAS units with standard local
>>>>>> storage), and the problem exists the same way on all of them.
>>>>>>
>>>>>> We began testing on Samba 4.1.9 originally, and it showed the same
>>>>>> behaviour.  I'm just wondering if anyone else has seen the same, or if
>>>>>> it's just MacOSX madness (which I'm willing to accept as the answer,
>>>>>> as MacOSX is anything but consistent with SMB).
>>>>>>
>>>>>> Previously on Samba 3.6.9 provided with CentOS 6, I would add the
>>>>>> following share options to solve Mac-specific weirdness:
>>>>>>
>>>>>>         #security mask = 0660
>>>>>>         #force security mode = 0660
>>>>>>         #directory security mask = 0770
>>>>>>         #force directory security mode = 0770
>>>>>>
>>>>>> These no longer work in Samba 4, and both the man pages and Samba wiki
>>>>>> reflect this change.  When I apply my Google-fu to this problem, these
>>>>>> options are what most people are suggesting, but again they're not
>>>>>> available to me.
>>>>>>
>>>>>> Cheers for any insight offered.
>>>>>>
>>>>>> -Dan
>>>>>>
>>>>>> ----------------
>>>>>> Dan Mons
>>>>>> Unbreaker of broken things
>>>>>> Cutting Edge
>>>>>> http://cuttingedge.com.au
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> --
>> Bo Kersey
>> VirCIO - managed network solutions
>> 4314 Avenue C
>> Austin, TX 78751
> > phone: (512)374-0500

-- 
Bo Kersey 
VirCIO - managed network solutions 
4314 Avenue C 
Austin, TX 78751 
phone: (512)374-0500

More information about the samba mailing list