[Samba] SGID bit not obeyed in 4.3.9?

Smith, Jarrod A jarrod.smith at Vanderbilt.Edu
Wed May 18 18:44:15 UTC 2016

We just upgraded to 4.3.9 (from 4.1.x) and are experiencing a few issues/differences around permissions on files written from Windows clients authenticated from winbind/AD.  One specific issue that we have is directories with permissions like:

drwxrws---+   9 myapp 9997  2048 May 16 17:38 .

It's owned by user "myapp" and GID 9997 and as you can see we have the SGID bit set on this directory.  Prior to the upgrade, new files or directories created inside this directory would be owned by the 9997 GID, which is required for a particular workflow that involves uploading files from windows clients and then processing them with batch jobs on a Linux cluster.  After the upgrade, the behavior is broken - now the GID ownership goes to the default group membership coming from winbind/AD.  Group 9997 does not exist in AD, and never has, which I suspect is why this was originally setup this way.

I have tried to override this at the share level with:

create mask = 2777
force create mode = 2660
directory mask = 2777
force directory mode = 2770

but that seems to have absolutely no effect.  I'm a bit surprised at that, since I found several references indicating that this has worked in the past to solve exactly the problem I have.

I also tried "force group = 9997" but then I can't even map the share (not sure why - is that because the group is not in AD?).

Any idea what is going on here or how to troubleshoot?


Jarrod Smith

More information about the samba mailing list