[Samba] Samba 4.6.2 does not inherit setgid bit (anymore)

[Lorenzo Delana]

Hi Vincent,

have you found a solution that makes "force directory mode = 2770" able 
to apply to new created folders ?

I have a similar problem:

if I set by hand (eg. chmod 2770) the folder A and then I try to create 
an X element into that folder through samba I get the result needed ( 
group of X become overriden from parent folder A ) but the problem is 
that the new element X not honor forced mode discarding into 0770

    A rwxrw*s*---
    A\X    rwxrw*x*---


In many thread this problem appears and frequently the answer is that 
the group bit can't inherited through linux, but this is not the point 
because that's true and known, the problem seems that samba simply 
discard or not manage to apply these sticky bits at all ( at least 
regarding latest v4.7.4 ), I grabbed from the log following excerpt:

    [2018/01/30 19:05:17.994374,  5, pid=3294, effective(2002158,
    2000513), real(2002158, 0)] ../source3/smbd/dosmode.c:206(unix_mode)
       unix_mode: unix_mode(sharetest/A/X/New folder (10)) returning 02770
    ...
    [2018/01/30 19:05:18.064582,  5, pid=3294, effective(2002158,
    2000513), real(2002158, 0)] ../source3/smbd/dosmode.c:206(unix_mode)
       unix_mode: unix_mode(datatest/A/X/New folder (10)) returning 0770


Another efficient workaround could be to attach a simple script at some 
samba callback ( eg. file_created() ), but I don't know if exists such 
feature.

I definitively too need to understand where the problem is because in my 
scenario I have a C folder readable only by domain users and writable 
only by some users but when such users create something there new files 
looks like the following

    C\new_file poweruser    AD\*domain users*    rwx*rwx*---


the problem is that now "all domain users" can go to write where default 
acl deny that because of the ownership,group together with 77 permission 
that I need to manage everything through ACLs.

-- 
Lorenzo Delana |
|