[Samba] Permission masks

Rowland Penny rowlandpenny at googlemail.com
Thu Feb 26 03:01:12 MST 2015


On 26/02/15 09:42, John wrote:
> On 24/02/15 20:35, Rowland Penny wrote:
>> On 24/02/15 20:23, John wrote:
>>> I apologise for asking a basic question but I haven't been able to
>>> determine a sensible answer.
>>>
>>> I am using 4.1.17 as AD-DC. All configured and working with user home
>>> directories via [homes] and some other specific shares.
>>>
>>> Windows 7 client jointed to domain, users can log in and create files in
>>> their home directory.
>>>
>>> However the system permissions on those files are not what I expect and
>>> I am trying to understand why.
>>>
>>> My [homes] sets "create mask" and "directory mask" to 0700 but
>>> everything created has "0770".
>>>
>>> I have another share with a create mask of 0755. Files in there get
>>> 0775.
>>>
>>> I have checked with testparm that there is nothing configured to set to
>>> 0770 anywhere. it's like there is a "force create mode" but there isn't:
>>>
>>> $ testparm -v | grep -e 'force.*mode'
>>>       force create mode = 00
>>>       force directory mode = 00
>>>
>>> What am I missing? What could be overriding my permissions ?
>>>
>>> Thanks for any advice,
>>> John
>>>
>>>
>> For one thing you are missing the fact that [homes] doesn't work with
>> a samba4 DC, you should also be using ACLs instead of 'force mode' etc.
> Hmm, I didn't know that. Is that officially stated anywhere? It does
> appear to work for me except for the permissions issue. Could you
> elaborate on what doesn't work - there's probably something I haven't
> hit on yet.

It is on the wikipage: 
https://wiki.samba.org/index.php/Setting_up_a_home_share#Adding_the_share

I have now updated it, to make it a bit more explicit.

>> Try browsing the wiki:  https://wiki.samba.org/index.php/Main_Page
> ;) Goes without saying - it was the first placed I turned to but it
> isn't always straightforward to find where the answers are.
>> For your home share see:
>> https://wiki.samba.org/index.php/Setting_up_a_home_share
>>
>> For ACLs see:
>>
>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs#Change_permissions_on_folders_of_a_share
>>
>>
> I'll look at these in more detail. I'm already using ACLs though but
> I'll look at the alternative way to implement home directories.
>
> What the above doesn't explain is why I am seeing additional permissions
> being applied on the server filesystem. It isn't a homes issue because
> it happens on other shares too. I'd like to get to the bottom of that
> one... Something is applying an OR-mask of 0770 to whatever files'
> permissions should be. The question is what...?

Follow the wiki page above, don't set *anything* on the share in 
smb.conf, do it all with ACLs

Rowland

>
>> Rowland
>>
>



More information about the samba mailing list