[Samba] Problems with permissions

[Dr. Harry Knitter]

Rowland Penny <rowlandpenny at googlemail.com> schrieb am 18.01.2015:
> 
> Please don't send PM's, it breaks the thread, how was anybody other than
> Jeremy to know you sent it ??
This happened, becaus I got Jeremies mail by PM, too and did not take care to 
send my answer to the list, too. Sorry again
@ all
my samba version is 3.6.6.6.-deb7

@ Marc Muehlfeld
Not having a samba 4 version I tried 
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs

> 
> OK, in which case, can you post your entire smb.conf
> 
<smb.conf>
	workgroup = mydomain.lan
	server string = %h server
	interfaces = eth0
	bind interfaces only = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* 
%n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	name resolve order = lmhosts host wins bcast
	add user script = /usr/sbin/adduser --quiet --disabled-password --gecos 
"" %u
	add group script = /usr/sbin/addgroup --force-badname %g
	add machine script = /usr/sbin/useradd -g machines -c "%u machine 
account" -d /var/lib/samba -s /bin/false %u
	logon drive = H:
	domain logons = Yes
	domain master = Yes
	wins support = no
	panic action = /usr/share/samba/panic-action %d
	admin users = @ntadmin, root
	os level = 64
	log level = 3 smb:5
[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	create mask = 0700
	directory mask = 0700
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
	print ok = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers

[public]
	path = /home/ldap
	read only = no
	valid users = +users, root
	guest ok = no
	force group = users
	force user = harry
	create mask = 777
	directory mask = 777
	inherit permissions = yes

Unix premissions are set to 2777 according to 
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs

The status quo is from the view of the Windows clients:

No full controll for neither owner group nor everyone in standard permissions.

Only special permissions:

On existing directories:
owner has full control
group has full control
everyone has full control

on existing files
owner full control and delete not set
group full control and delete not set
everyone full control and delete not set

directories created new
owner has full control
group has full control
everyone has full control

files crated new
owner  full control and delete not set
group full control, search/execute, delete, change permissions, take ownership 
not set
everyone same as group

New created directories have unix permissions according to directory mask.
New created files have 766 (create mask is 777).

When connecting as othe user than owner, e.g. root/Administrator.
the ownership of new directories and files is root (force user is not done).

Trying to change permissions from Windows clients shows no effect.

Hope this will help you to help me. Thanks.

Harry

--
no PMs please, I am reading the list