samba - Jul 2005 - Samba permissions

I am working on my permissions and something does not quite make sense 
to me.  Here is what I have set.

/DIR          (Unix permissions are 3777)

Then in samba I have the following

[dir]
path = /DIR
read only = no
valid users @teach @student
create mask 3660
directory mask 3770

Then from a windows workstation, I create a new directory inside 'dir', 
and call it 'teach'.

The permissions of 'teach' are 2770.  It looks like it should be 3770 to
me since the 'directory mask' commands does a bitwise 'AND'. 
Anyone
know why this is?  Maybe it is because of the DOS attributes or something.

Thanks for any help.

-- 
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.

* <sgmayo@mail.bloomfield.k12.mo.us> [29/07/2005
1119EDT]:
> I am working on my permissions and something does not quite make sense 
> to me.  Here is what I have set.
> 
> /DIR          (Unix permissions are 3777)
> 
> Then in samba I have the following
> 
> [dir]
> path = /DIR
> read only = no
> valid users @teach @student
> create mask 3660
> directory mask 3770
> 
> Then from a windows workstation, I create a new directory inside
'dir',
> and call it 'teach'.
> 
> The permissions of 'teach' are 2770.  It looks like it should be
3770 to
> me since the 'directory mask' commands does a bitwise
'AND'.  Anyone
> know why this is?  Maybe it is because of the DOS attributes or something.
You're right about the bitwise AND.

But default mode for a new directory is 0777.  Observe:

kw@pigpen[2]:~$ cd tmp
kw@pigpen[2]:~/tmp$ umask 0
kw@pigpen[2]:~/tmp$ umask
0000
kw@pigpen[2]:~/tmp$ file foodir
foodir: cannot open (foodir)
kw@pigpen[2]:~/tmp$ mkdir foodir
kw@pigpen[2]:~/tmp$ ls -ld foodir
drwxrwxrwx  2 kw users 4096 Jul 29 11:59 foodir

However, your new directory *inherited* the setgid bit (effectively a
bitwise OR); this is simply the behavior of setgid bits on directories.
From the man page for the stat() system call (section 2):

       The set GID bit (S_ISGID) has several special uses: For a
       directory  it indicates  that  BSD  semantics is to be used for
       that directory: files created there inherit their group ID from
       the directory, not  from  the effective  gid  of  the creating
       process, and directories created there will also get the S_ISGID
       bit set.  For a file that does not  have  the group  execution
       bit (S_IXGRP) set, it indicates mandatory file/record locking.

So, for your case:

	(3770 & 0777) | 2000 = 2770

It is doing exactly what it should be doing. :)

Keith

-- 
SA Valaran Corp
GPG: 0xEC705AE9
I put the sh in IT.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20050729/92ed27ec/attachment.bin