[Samba] Samba-created files with POSIX ACLs gaining execute bit
Rowland Penny
rpenny at samba.org
Thu Dec 20 10:06:50 UTC 2018
On Thu, 20 Dec 2018 01:32:16 -0800
christian russell <christian.baltini at gmail.com> wrote:
> Hi Rowland, I see the typo now too — I retyped it from scratch … oops.
>
> Here it is.
>
> [global]
> workgroup = HOME
> netbios name = IPA
> realm = HOME.FRAPLIN.FUN
> kerberos method = dedicated keytab
> dedicated keytab file = /etc/samba/samba.keytab
> create krb5 conf = no
> security = user
> domain master = yes
> domain logons = yes
> log level = 1
> max log size = 100000
> log file = /var/log/samba/log.%m
> passdb backend = ipasam:ldap://ipa.home.fraplin.fun
> disable spoolss = yes
> ldapsam:trusted = yes
> ldap ssl = off
> ldap suffix = dc=home,dc=fraplin,dc=fun
> ldap user suffix = cn=users,cn=accounts
> ldap group suffix = cn=groups,cn=accounts
> ldap machine suffix = cn=computers,cn=accounts
> rpc_server:epmapper = external
> rpc_server:lsarpc = external
> rpc_server:lsass = external
> rpc_server:lsasd = external
> rpc_server:samr = external
> rpc_server:netlogon = external
> rpc_server:tcpip = yes
> rpc_daemon:epmd = fork
> rpc_daemon:lsasd = fork
> unix extensions = no
> vfs objects = catia fruit streams_xattr
> fruit:aapl
> fruit:nfs_aces = no
> dos filemode = no
> map archive = no
> map hidden = no
> map readonly = no
>
> [share1]
> path = /srv/share1
> guest ok = no
> create mask = 0660
>
> [share2]
> path = /srv/share2
> guest ok = no
> create mask = 0660
> inherit acls = yes
>
So, you are using Samba with an IPA server and presumably with Apple
clients. I have never used IPA, but I believe you can use 'security =
ADS' instead of all the 'ldap' lines.

You could also try adding 'force create mode' to the shares, e.g.
force create mode = 0110

Rowland