12

I have a problem where permission bits are not being enforced on a samba share using a Linux client. I have samba configured on the server to force a certain user, group and permission bits and this works as expected until I touch the file or it becomes the target of IO redirection.

Here's what's happening:

user@linuxbox:~-->ls -l ~/archive/foo.txt
ls: cannot access /home/user/archive/foo.txt: No such file or directory
user@linuxbox:~-->touch ~/archive/foo.txt
user@linuxbox:~-->ls -l ~/archive/foo.txt
-rw-rw-r-- 1 archive archive 0 2010-09-13 20:29 /home/user/archive/foo.txt
user@linuxbox:~-->touch ~/archive/foo.txt
user@linuxbox:~-->ls -l ~/archive/foo.txt
-rwxrwxrwx 1 archive archive 0 2010-09-13 20:30 /home/user/archive/foo.txt

Notice when I touch the existing file its permission bits are 0777. They're supposed to be 0664 like when it was first created. How can I enforce 0664 on the existing file?

I have version 3.0.24 on the server and version 3.4.7 on the client. Here's my smb.conf:

[global]
interfaces = egiga0
unix charset = UTF8
workgroup = workgroup
netbios name = foo
server string = Foo
security = USER
map to guest = bad user
host msdfs = no
encrypt passwords = yes

[archive]
comment = File Archive
path = /home/archive
force user = archive
force group = archive
read only = yes
write list = @archive
guest ok = yes
create mask = 0
force create mode = 0664
security mask = 0
force security mode = 0664
directory mask = 0
force directory mode = 0775
directory security mask = 0
force directory security mode = 0775
Improve this question
9
  • What is in your smb.conf? Commented Sep 14, 2010 at 6:48
  • I've put the contents of my smb.conf in. Frankly, I'm unsure if I require all the explicit mode and mask bits. Commented Sep 14, 2010 at 16:17
  • @Jonathon all your touch ing seems to be on a *nix system... is the system you are creating the file on windows? or are you creating the file from a windows system? or is this *nix to *nix via samba (in which case why samba and not nfs) Commented Sep 14, 2010 at 22:00
  • @xenoterracide, I'm touching a file on the share using a Linux client; I'm going *nix to *nix in this case. There is a mix of Windows, Mac and Linux machines connecting to this samba service. Commented Sep 14, 2010 at 23:16
  • Are you sure your masks are good? create mask, security mask, directory mask. The docs aren't clear on weather a '0' by itself is valid for the masks. Other than that... how odd. Commented Sep 15, 2010 at 22:39

1 Answer 1

Reset to default
2

The samba permissions only work on the SMB (ie Windows) network clients. If you want to enforce this on the server (and any NFS clients) you need to set the sticky bit on all the directories.

first correct the files that are there:

chown -R archive /home/archive 
chgrp -R archive /home/archive 
find /home/archive -type d -exec chmod 0775 {} \;
find /home/archive -type f -exec chmod 0664 {} \;

then enforce this with the group sticky bit

find /home/archive -type d -exec chmod g+s {} \;

This is not infalable but does solve 99% of this sort of problem.

Regards DaveF

Result on my Solaris box:

davef@dalek[10]$ cd /proj/ftptmp
davef@dalek[11]$ ls -ld .
drwxrwsr-x  60 root     ftpusers     377 Oct  5 09:31 ./
davef@dalek[12]$
davef@dalek[12]$ ls -l foo.txt
foo.txt: No such file or directory
davef@dalek[13]$ touch foo.txt
davef@dalek[14]$ ls -l foo.txt
-rw-rw-r--   1 davef    ftpusers       0 Oct 15 11:49 foo.txt
davef@dalek[15]$ touch foo.txt
davef@dalek[16]$ ls -l foo.txt
-rw-rw-r--   1 davef    ftpusers       0 Oct 15 11:49 foo.txt
davef@dalek[17]$
davef@dalek[17]$ umask
2
davef@dalek[18]$
Improve this answer
4
  • Thanks. Finally had a chance to try this out but unfortunately the problem remains. Commented Oct 15, 2010 at 4:05
  • I wonder if it might be your umask? Commented Oct 15, 2010 at 10:50
  • My umask is 0022. Any other ideas? :) Commented Oct 16, 2010 at 3:13
  • I need to try it on my Linux box. Not had time yet. BTW we use NFS Unix to Linux etc not SMB. Commented Oct 21, 2010 at 8:12

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.