Chad William Seys
2016-Nov-14  21:19 UTC
[Samba] vfs_fruit 'other' create mode different than parent
Hello all,
   I'm trying enable vfs_fruit.
   One problem I've noticed is that when a file or directory is created 
on a Macintosh the "other" mode is 'r--' (file) or
'r-x' (directory)
even though the parent directory is '---'.
   On Windows, Linux, and Macintosh with vfs_fruit not loaded all create 
files and directories with mode for other set to '---'.
   I've tried 'fruit:nfs_aces = no' with no change.
Any ideas?
Chad.
   Samba version:
4.2.10+dfsg-0+deb8u3
# Global parameters
[global]
         workgroup = PHYSICS
         realm = PHYSICS.WISC.EDU
         server string = %h server
         security = ADS
         map to guest = Bad User
         kerberos method = secrets and keytab
         syslog = 0
         max log size = 100000
         server signing = required
         hostname lookups = Yes
         dns proxy = No
         panic action = /usr/share/samba/panic-action %d
         idmap config * : backend = tdb
[smb]
         path = /srv/smb
         read only = No
         inherit permissions = Yes
         inherit acls = Yes
         ea support = Yes
         vfs objects = catia fruit streams_xattr
Ralph Böhme
2017-Jan-21  07:29 UTC
[Samba] vfs_fruit 'other' create mode different than parent
On Mon, Nov 14, 2016 at 03:19:52PM -0600, Chad William Seys via samba wrote:> Hello all, > I'm trying enable vfs_fruit. > One problem I've noticed is that when a file or directory is created on a > Macintosh the "other" mode is 'r--' (file) or 'r-x' (directory) even though > the parent directory is '---'. > On Windows, Linux, and Macintosh with vfs_fruit not loaded all create > files and directories with mode for other set to '---'. > I've tried 'fruit:nfs_aces = no' with no change.it's a global option. Have you put it in the global or a share section? Cheerio! -slow
Chad William Seys
2017-Jan-23  17:49 UTC
[Samba] vfs_fruit 'other' create mode different than parent
Hi Ralph,> it's a global option. Have you put it in the global or a share section?Thanks for the hint! After putting it in the global options the create mode mimics the parent directory as one would expect from " inherit permissions = yes inherit acls = yes " If possible it would be less dangerous (securitywise) not to have fruit:nfs_aces setting interact with 'inherit permissions' and 'inherit acls'. Or at least the default setting of nfs_aces should not interact with a big warning/explanation of how changing to nfs_aces = yes will interact. Thanks again! Chad.