[Samba] Samba4 and file permissions

Stefano Martini S.Martini at ifinet.it
Mon Dec 19 09:24:07 UTC 2016

I configured a Samba 4.3.1 service on a CentOS 6.5 32-bit system and installed it in the /home/samba/samba-4.3.1 directory (I know this is not a good place but it was the only partition with enough free space).
Samba is running as an Active Directory Domain Controller with rfc2307 enabled and the embedded DNS server.
This is my smb.conf:

# Global parameters
[global]
        workgroup = TESTDOM
        realm = TESTDOM.LOCAL
        netbios name = DC-SERVER
        server role = active directory domain controller
        dns forwarder = X.X.X.X
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /home/samba/samba-4.3.1/var/locks/sysvol/lacdevel.lac/scripts
        read only = No

[sysvol]
        path = /home/samba/samba-4.3.1/var/locks/sysvol
        read only = No

[homes]
        comment = %u's Home Directory
        read only = no
        browseable = no
        guest ok = no
        directory mask = 755
        create mask = 0644
        force create mode = 0644

On the Linux host I have the user "userX", with uid 503, belonging to the group "groupX", with gid 507.
I created the corresponding user and group on the Samba server by using the samba-tool command:

# Created the user
samba-tool user add userX --unix-home=/home/userX --uid-number=503 --login-shell=/bin/bash --gid-number=507 --given-name=NameX --surname=SurnameX

# Created the group
samba-tool group add groupX --gid-number=507 --nis-domain=testdom

# Added the user into the group
samba-tool group addmembers groupX userX

Then, by using an LDAP administration tool, I changed the primaryGroupID attribute of the userX user to the RID of the groupX group (1104).

This configuration works fine. On a remote system I can mount the userX's home:

mount -t cifs //x.x.x.x/userX /mnt -o user=TESTDOM\\userX

Now I have this problem: every file created by the remote host has the same permissions. For example, running

touch /mnt/fileX

on the remote host creates fileX in the userX's home with these permissions:

ls -l /home/userX/fileX
-rwxrwxr-x+ 1 userX groupX 0 Dec 19 10:13 /home/userX/fileX

How can I set the permissions of files according to the umask of the userX Linux user?
Is there a way to define this property in the Samba AD database?

Thanks in advance
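
Added example, not part of the original post: a small check that compares the mode field from the `ls -l` output above with the `create mask` and `force create mode` values of the share. The function names are hypothetical. It relies on the smb.conf rule that the mapped mode is ANDed with `create mask` and then ORed with `force create mode`, and on the fact that a trailing `+` means the file carries an ACL, in which case the group triplet shown by `ls` is the ACL mask and `getfacl` shows the real entries.

```python
# Values taken from the share definition in the post's smb.conf.
CREATE_MASK = 0o644
FORCE_CREATE_MODE = 0o644


def parse_ls_mode(field):
    """Convert an `ls -l` mode field such as '-rwxrwxr-x+' to (mode, has_acl).

    Only the nine rwx positions are decoded; setuid/setgid/sticky are
    reduced to their execute bit (lowercase s/t) or nothing (uppercase S/T).
    """
    perms = field[1:10]
    if len(perms) != 9:
        raise ValueError(f"not an ls -l mode field: {field!r}")
    mode = 0
    for i, ch in enumerate(perms):
        if ch in "rwxst":
            mode |= 1 << (8 - i)
        elif ch not in "-ST":
            raise ValueError(f"unexpected character {ch!r} in {field!r}")
    # A tenth character of '+' marks an ACL ('.' would be an SELinux context).
    has_acl = field[10:11] == "+"
    return mode, has_acl


def check_created_file(field, create_mask=CREATE_MASK,
                       force_mode=FORCE_CREATE_MODE):
    """Report how an observed mode differs from what the share masks allow."""
    mode, has_acl = parse_ls_mode(field)
    allowed = create_mask | force_mode
    return {
        "mode": mode,
        "has_acl": has_acl,
        # Bits that the mask arithmetic alone could never have produced.
        "unexpected_bits": mode & ~allowed & 0o777,
        # Bits that force create mode should have set but are absent.
        "missing_forced_bits": force_mode & ~mode,
    }


if __name__ == "__main__":
    # Mode field copied from the ls -l line in the post.
    report = check_created_file("-rwxrwxr-x+")
    for key, value in report.items():
        print(key, oct(value) if isinstance(value, int) and key != "has_acl" else value)
    if report["has_acl"]:
        print("ACL present: inspect the file with getfacl, not ls -l alone")
```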
