Hello, 

we have a SLES 10SP2 setup with some collaboration shares distributed with 
Samba. In order to make sure files and folders on these shares are readable 
*and* writeable, the shares typically look like this:

[public]
        path = /home/01_public
        create mask = 740
        directory mask = 750
        force create mode = 220
        force directory mode = 770
        force group = optiker
        read list = zhang, @optiker
        write list = @optiker

With this, we want new or copied files to get -rw-rw---- and new or 
copied folders to get drwxrwx---.

This works OK for the Windows clients but the Unix-like clients (Linux and 
MacOSX) write files with -rwxrw-r--, which is a little different from what we 
expect. Folders are all right.

The file creation works for Linux and Mac boxes, too, when the global option 
"unix extensions = no" is set. Yet, this leads to some unwanted behavior on 
the unixoid clients: they can no longer see who created a file, and what the 
actual permissions really are...

So, the question is: how can we make sure that files and folders are created 
with certain permissions for all client platforms, and without disabling unix 
extensions?

Also, it does not help to use ACLs on the share parent folders since the file 
permissions are the same as above, then...

Any help is deeply appreciated!


What follows is the global section of the smb.conf, just in case.

[global]
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = Yes
        domain master = Yes
        hide dot files = yes
        hide special files = yes
        hosts allow = 127.0.0.1 192.168.173.0/24 132.230.0.0/16
        hosts deny = 0.0.0.0/0
        idmap backend = ldap:ldap://127.0.0.1
        ldap admin dn = cn=moadmin,dc=micro-optics,dc=uni
        ldap delete dn = No
        ldap group suffix = ou=gruppen
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Machines
        ldap passwd sync = Yes
        ldap replication sleep = 1000
        ldap ssl = Start_tls
        ldap suffix = dc=micro-optics,dc=uni
        ldap timeout = 5
        ldap user suffix = ou=nutzer
        local master = Yes
        log level = 3
        logon drive = L:
        logon path = \\%L\%U\_msprofile
        logon script = logon.bat
        netbios name = rioja
        os level = 65
        passdb backend = ldapsam:ldap://127.0.0.1
        preferred master = Yes
        security = user
#       unix extensions = no
        wins support = Yes
        workgroup = micro-optics

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root
        browsable = no