[Samba] Bit SGID on directories

Frédéric POUGNAULT f.pougnault at galitt.com
Mon Jun 19 14:00:52 UTC 2017 

Hello,

 
I have a samba server v4.6.5, it’s a member of a Windows 2003 domain.

 
I setup a share, in this share I want to set sgid bit on directories.

I created a directory with SGID bit on the top of the share, but when I create inside new directories didn’t have SGID bits.

 
Here is my smb.conf :

 
[global]

use sendfile = no

gpfs:getrealfilename = no

smb ports = 445 139

dos charset = 850

unix charset = UTF-8

interfaces = eth0

bind interfaces only = true

workgroup = MYREALM

passdb backend = tdbsam

os level = 2

time server = yes

unix extensions = yes

encrypt passwords = yes

log level = 0 acls:10

max protocol = SMB2

posix locking = no

load printers = no

name resolve order = wins host lmhosts bcast

security = ADS

password server = MyPasswordServer

realm = MYREALM.COM

netbios name = DATA30

winbind separator = +

winbind cache time = 15

winbind use default domain = yes

winbind enum users = yes

winbind enum groups = yes

template homedir = /home%U

template shell = /bin/bash

logon path = \\server\%U

unix password sync = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *New*password* %n\n *Retype*new*password* %n\n *password:*all*authentication*tokens*updated*successfully

Pam password change = yes

client ntlmv2 auth = yes

host msdfs = yes

obey pam restrictions = Yes

wins support = no

wins server = MYWINS

public = yes

browseable = yes

lm announce = yes

browse list = yes

auto services = yes

remote browse sync = MyRemoteBrowseSync

remote announce = X.X.X.0/24

server string =

inherit acls = no

map acl inherit = yes

nt acl support = yes

inherit permissions = no

enhanced browsing = yes

winbind use default domain = yes

getwd cache = yes

wide links = no

include = /etc/samba/smb.conf.%m

idmap config MYREALM : backend = rid

idmap config MYREALM : range = 60000-50000000

idmap config MYREALM : base_rid = 0

idmap config * : range = 20000-30000

nmbd bind explicit broadcast = no

 
[MyShare]

 comment =

 path = /home/fred

 valid users = @MYREALM+FREDGROUP

 public = no

 writable = yes

 printable = no

 browsable = yes

 preserve case = yes  

 short preserve case = yes

 default case = lower

 case sensitive = no

 msdfs root = yes

create mask = 770

 force create mode = 670

 force directory mode = 2770

 directory mask = 770

 store dos attributes = yes

 
If I set force directory mode to 1770 it is create with sticky bit, but with 2770 there is no sgid bit.

 
Thank you

More information about the samba mailing list