Hello everyone. I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a directory mask of 2770 to everything created in a share. The root directory of this share already has these permissions. I want to have it so that everything created in a certain directory has the permissions of the group of the creator. As it stands, I do have the directory mask = 2770 line in the smb.conf regarding this share, and as I said, the 2770 permissions on the parent directory (that I set manually). Files created in this share wind up with the perms of 770 instead of 2770, but do take the group of the parent directory. BUT if someone creates a directory within that directory, the perms are 770 and the group is not inherited from the parent. Now I know what you are thinking: "Why doesn't he just use the 'force group' setting." Suffice it to say, it doesn't suit my needs in this instance. If you want the long version, I can post that too, I just didn't want to waste people's time. Can samba support a directory mask of 2770? If so, what am I doing wrong? Thanks! Chris A snippet of smb.conf: [share] path=/share browseable =no force user = %U create mask = 0770 directory mask = 2770 admin users = chrisd,kurtk,administrator,zena valid users = chrisd,kurtk,administrator,zena,+homeshare
May I ask a ridiculously stupid question? I have seen this four digit mask many times, but I am only familiar with the function of the last three digits - what in the heck is the first digit for?? Thanks Charles -----Original Message----- From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On Behalf Of Chris Ditri Sent: Tuesday, October 16, 2001 8:33 AM To: samba@lists.samba.org Subject: directory mask = 2770 Hello everyone. I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a directory mask of 2770 to everything created in a share. The root directory of this share already has these permissions. I want to have it so that everything created in a certain directory has the permissions of the group of the creator. As it stands, I do have the directory mask = 2770 line in the smb.conf regarding this share, and as I said, the 2770 permissions on the parent directory (that I set manually). Files created in this share wind up with the perms of 770 instead of 2770, but do take the group of the parent directory. BUT if someone creates a directory within that directory, the perms are 770 and the group is not inherited from the parent. Now I know what you are thinking: "Why doesn't he just use the 'force group' setting." Suffice it to say, it doesn't suit my needs in this instance. If you want the long version, I can post that too, I just didn't want to waste people's time. Can samba support a directory mask of 2770? If so, what am I doing wrong? Thanks! Chris A snippet of smb.conf: [share] path=/share browseable =no force user = %U create mask = 0770 directory mask = 2770 admin users = chrisd,kurtk,administrator,zena valid users = chrisd,kurtk,administrator,zena,+homeshare -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Charles:
The first digit, in this case '2' sets the directory guid.
Since I'm sure that means nothing to you (It didn't to me at first!), I
will explain a little further.
When the guid is set the file in question, if executed, is executed as if
you were a member of that file's group. (Rember, every file has a user and
group associated with it, do an "ls -l" anywhere in Unix, and you will
see
this). The effect that this has upon directories is this: every file
created underneath that directory takes the group of the parent directory.
For an experiment, try this:
# touch hello
# ls -l hello
(the output is something like: -rwxr-xr-x hello)
# chmod 2770 hello
# ls -l hello
(the output is something like: -rwxrws--- hello)
Notice the 's'. that means the guid (group user id) is set.
You can also set perms to 4XXX (e.g. 4770) to set the user ID (set uid or
suid).
This executes a file as if you were that user.
Play with it, it is cool, but be careful when setting SUID for root! It
can cause security issues.
Chris
At 08:48 AM 10/16/2001 -0400, you wrote:>May I ask a ridiculously stupid question?
>
>I have seen this four digit mask many times, but I am only familiar with the
>function of the last three digits - what in the heck is the first digit
>for??
>
>Thanks
>
>Charles
>
>-----Original Message-----
>From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On
>Behalf Of Chris Ditri
>Sent: Tuesday, October 16, 2001 8:33 AM
>To: samba@lists.samba.org
>Subject: directory mask = 2770
>
>
>Hello everyone.
>
>I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a
>directory mask of 2770 to everything created in a share. The root
>directory of this share already has these permissions. I want to have it
>so that everything created in a certain directory has the permissions of
>the group of the creator.
>
>As it stands, I do have the directory mask = 2770 line in the smb.conf
>regarding this share, and as I said, the 2770 permissions on the parent
>directory (that I set manually). Files created in this share wind up with
>the perms of 770 instead of 2770, but do take the group of the parent
>directory. BUT if someone creates a directory within that directory, the
>perms are 770 and the group is not inherited from the parent.
>
>Now I know what you are thinking: "Why doesn't he just use the
'force
>group' setting." Suffice it to say, it doesn't suit my needs in
this
>instance. If you want the long version, I can post that too, I just
didn't
>want to waste people's time.
>
>Can samba support a directory mask of 2770? If so, what am I doing wrong?
>
>Thanks!
>
>
>Chris
>
>A snippet of smb.conf:
>
>[share]
>path=/share
>browseable =no
>force user = %U
>create mask = 0770
>directory mask = 2770
>admin users = chrisd,kurtk,administrator,zena
>valid users = chrisd,kurtk,administrator,zena,+homeshare
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
On Tue, 16 Oct 2001, Charles Marcus wrote:> I have seen this four digit mask many times, but I am only familiar > with the function of the last three digits - what in the heck is the > first digit for??setuid/group-id/sticky-bit 4 2 1 cheers, jerry --------------------------------------------------------------------- www.samba.org SAMBA Team jerry_at_samba.org www.plainjoe.org jerry_at_plainjoe.org --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
>Sender: ries@soneramail.nl >Date: Tue, 16 Oct 2001 15:36:03 +0200 >From: Ries van twisk <rvt@dds.nl> >Reply-To: rvt@dds.nl >X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.9 i586) >X-Accept-Language: en >To: Chris Ditri <chrisd@u10a.better-investing.org> >Subject: Re: directory mask = 2770 > >This is from the top of my head. > >Did you take a look at the 'inherit permissions' parameter? >I do know that the extra bits are forced to 0 because of security >reasons. > >Ries > >Chris Ditri wrote: > > > > Hello everyone. > > > > I am using Samba 2.0.7 on a RedHat 6.2 machine. I wanted to apply a > > directory mask of 2770 to everything created in a share. The root > > directory of this share already has these permissions. I want to have it > > so that everything created in a certain directory has the permissions of > > the group of the creator. > > > > As it stands, I do have the directory mask = 2770 line in the smb.conf > > regarding this share, and as I said, the 2770 permissions on the parent > > directory (that I set manually). Files created in this share wind up with > > the perms of 770 instead of 2770, but do take the group of the parent > > directory. BUT if someone creates a directory within that directory, the > > perms are 770 and the group is not inherited from the parent. > > > > Now I know what you are thinking: "Why doesn't he just use the 'force > > group' setting." Suffice it to say, it doesn't suit my needs in this > > instance. If you want the long version, I can post that too, I just didn't > > want to waste people's time. > > > > Can samba support a directory mask of 2770? If so, what am I doing wrong? > > > > Thanks! > > > > Chris > > > > A snippet of smb.conf: > > > > [share] > > path=/share > > browseable =no > > force user = %U > > create mask = 0770 > > directory mask = 2770 > > admin users = chrisd,kurtk,administrator,zena > > valid users = chrisd,kurtk,administrator,zena,+homeshare > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba