[Samba] Howto force directoy and file rights on version 4

Dietmar Hummel hummel at treibauf.ch
Thu Oct 16 09:14:36 MDT 2014

Hi list!

I have problems with the enforcement of rights with the installed 
version 4.1.6-Ubuntu (default of Ubuntu 14.04 Server)

I just want a setting which enforces 0777 access rights on any direcory 
or file that is written/changed by anyone.

My smb.conf looks like this:

netbios name = MYSERVER
workgroup = WGP
local master = yes
domain master= yes
preferred master = yes
os level = 255
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
log level = 5
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
interfaces = em1 em2
bind interfaces only = yes
socket options = TCP_NODELAY
guest account = nobody
security = user
passdb backend = ldapsam:ldap://
ldap ssl = off
wins support = yes
kernel oplocks = no
oplocks = yes
unix charset=UTF8
disable spoolss = true

ldap admin dn = cn=admin,dc=wgp,dc=corp
ldap suffix = dc=wgp,dc=corp
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap

add machine script = /usr/sbin/smbldap-useradd -w -i "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

obey pam restrictions = yes
unix password sync = no
ldap passwd sync = yes
pam password change = yes
hide dot files = yes

    comment = a share
    writable = yes
    path = /somewhere/ashare
    create mask = 777
    directory mask = 777
    force create mode = 777
    force directory mode = 777
    map archive = no
    map system = no
    map hidden = no

If I create a file from a Windows 7 client it has 0755 access rights and 
other users cannot open the file
for writing. The security mask/mode options have been removed from 
samba4 and I have no further ideas on
how to force 0777 access mode...

Please help me!


More information about the samba mailing list