[Samba] Samba file server share sets Windows Hidden attribute

Mark Foley mfoley at novatec-inc.com
Fri Jan 26 20:14:07 UTC 2024 

I'm having a very odd problem. I have a domain member running Samba 4.18.9, just
installed last weekend. It is a file server for the office who use Windows 10
and have a "drive" mapped to this host.

When users scan/append to existing PDF files on this mapped drive, they
disappear. Viewed on Windows, the H (hidden attribute) gets set. The user can
scan a new file to their mapped drive and it is visible. The user can
alternatively scan/append/save this modified file to their Desktop, then copy it
back (overwrite) it on the Samba share and it is visible.

Here's the odd thing, scan/appending to their Desktop works, but the Desktop is
also a Samba share on another host, the DC! Same Samba version.

The smb.conf on the domain member (where the problem is):

==========================
[global]
        max log size = 10000 
        realm = HPRS.LOCAL
        security = ADS
        server role = member server
        server string = HPRS NAS server
        template homedir = /home/%U
        template shell = /bin/bash 
        workgroup = HPRS
        idmap config hprs : range = 10000-999999
        idmap config hprs : backend = rid
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        
vfs objects = acl_xattr
map acl inherit = yes  

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

usershare allow guests = Yes
usershare max shares = 10   

[public]
comment = OHPRS main file and document repository
path = /mnt/RAID/public
hide files = /Outlook/outlook/~*/

readonly = no
locking = yes
public = yes
printable = no
create mask = 0660
force user = user
force group = group
force create mode = 0660
directory mask = 2771
===========================

Other than the new 'vfs objects = acl_xattr' and 'map acl inherit = yes', the
stuff in [public] is unchanged from before the Samba upgrade. In addition to
setting the Windows 'H' attribute on appended scanned PDF, new files of any kind
(.pdf, .docx, ...) are create with permission 0771, not 0660, as prescribed in
the smb.conf.

The smb.conf on the DC defining the Desktop is:

=========================
[Users]
    path = /redirectedFolders/Users
    comment = user folders for redirection
    read only = No
========================

In addition, the \\mail.hprs.local\Users has:
CREATOR OWNER:Full control:Subfolders and files only
Domain Admins:Full control:This folder, subfolders and files
Authenticated Users:Traverse Folder/Execute file,List folder/read data,Read
Attributes, Create folders/append data:This folder only
SYSTEM:Full Control:This folder, subfolders and files

In summary, users scanning/appending to PDF files on domain member share:
[public] end up with the files set to Windows attribute Hidden. The Linux
attributes are set to 0771, not 0660 as prescribed in the smb.conf.

Users scanning/appending to PDF files on their Desktop on domain controller
share: [Users] end up with the file NOT hidden, and the Linux permissions 
set to 0770.

Creating new files of any type have no problem with the hidden attribute.

Scanning/appending personnel files is the main task of employees at this
organization, so this is really a problem!

Why is this happening and how do I fix it?

Thanks --Mark

More information about the samba mailing list