Hi all,
We are having an issue when a user writes to there home directory the
permissions change to 0600, instead of 0751 that
we have been setting in smb.conf
Here is a description of the problem:
> reinstalled mac osx we have:
>
> 1) OS 10.5.0
>
> I mounted <SAMBA SERVER> with Prof Sutherlands account
>
> created the folder in 1703 --> test_reinstall
>
> then copied a file to the new folder: About_Stacks.pdf
>
> The permissions on the server for the folder are:
>
> 1703 # pwd
> /home/DOMAIN/00033394/public_html/1703
> humboldt 1703 # ls -la
> total 116
> drwxr-s--x 10 00033394 apache 4096 Aug 15 15:18 .
> drwxr-s--x 18 00033394 apache 4096 Aug 14 15:04 ..
> -rwxr-s--x 1 00033394 apache 6148 Aug 14 14:55 .DS_Store
> -rwxr-s--x 1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 CHEN_1703_files
> -rwxr-s--x 1 00033394 apache 8868 Aug 14 13:49 Homework.html
> drwxr-s--x 2 00033394 apache 155 Aug 14 13:49 Homework_files
> -rwxr-s--x 1 00033394 apache 10300 Aug 14 13:49 Lectures.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Lectures_files
> drwxr-s--x 2 00033394 apache 28 Aug 14 13:49 Media
> -rwxr-s--x 1 00033394 apache 6326 Aug 14 13:49 Schedule.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Schedule_files
> drwxr-s--x 3 00033394 apache 57 Aug 14 13:49 Scripts
> -rwxr-s--x 1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Syllabus_files
> -rwxr-s--x 1 00033394 apache 1963 Aug 14 13:49 feed.xml
> -rwxr-s--x 1 00033394 apache 311 Aug 14 13:49 index.html
> drwxr-s--x 2 00033394 apache 29 Aug 15 15:18 test_reinstall
>
>
> test_reinstall # ls -la
> total 304
> drwxr-s--x 2 00033394 apache 29 Aug 15 15:19 .
> drwxr-s--x 10 00033394 apache 4096 Aug 15 15:18 ..
> -rwxr----- 1 00033394 apache 303444 Aug 15 15:01 About_Stacks.pdf
>
> This works I can view the page:
> http://www.che.utah.edu/~sutherland/1703/test_reinstall/
>
> I am going to update the mac and see what happens
> updated to 10.5.4
>
> created the folder:
> test_reinstall_10.5.4 and the copied the file About_Stacks.pdf to it.
>
> perms look like this:
> 1703 # ls -la
> total 116
> drwxr-s--x 11 00033394 apache 4096 Aug 15 15:33 .
> drwxr-s--x 18 00033394 apache 4096 Aug 14 15:04 ..
> -rwxr-x--x 1 00033394 apache 6148 Aug 15 15:22 .DS_Store
> -rwxr-s--x 1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 CHEN_1703_files
> -rwxr-s--x 1 00033394 apache 8868 Aug 14 13:49 Homework.html
> drwxr-s--x 2 00033394 apache 155 Aug 14 13:49 Homework_files
> -rwxr-s--x 1 00033394 apache 10300 Aug 14 13:49 Lectures.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Lectures_files
> drwxr-s--x 2 00033394 apache 28 Aug 14 13:49 Media
> -rwxr-s--x 1 00033394 apache 6326 Aug 14 13:49 Schedule.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Schedule_files
> drwxr-s--x 3 00033394 apache 57 Aug 14 13:49 Scripts
> -rwxr-s--x 1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Syllabus_files
> -rwxr-s--x 1 00033394 apache 1963 Aug 14 13:49 feed.xml
> -rwxr-s--x 1 00033394 apache 311 Aug 14 13:49 index.html
> drwxr-s--x 2 00033394 apache 29 Aug 15 15:19 test_reinstall
> drwxr-xr-x 2 00033394 apache 29 Aug 15 15:33 test_reinstall_10.5.4
>
>
> *Note that the sticky bit is gone and has been replaced the execute bit
> The perms on the file:
> test_reinstall_10.5.4 # pwd
> /home/DOMAIN/00033394/public_html/1703/test_reinstall_10.5.4
> humboldt test_reinstall_10.5.4 # ls -la
> total 304
> drwxr-xr-x 2 00033394 apache 29 Aug 15 15:33 .
> drwxr-s--x 11 00033394 apache 4096 Aug 15 15:33 ..
> -rw------- 1 00033394 domain users 303444 Aug 15 15:01 About_Stacks.pdf
>
> apache is not the group and the perms are 0700, this page will not work.
The
> issue is that the mac is dropping the sticky bit and since the sticky bit
is
> gone the files are being created with the wrong perms.
Here is my smb.conf
> [global]
> workgroup = DOMAIN
> netbios name = SERVER
> realm = REALM
> server string = CHE file server
> security = ADS
> preferred master = no
> client use spnego = yes
> server signing = auto
> encrypt passwords = yes
> nt acl support = yes
> acl map full control = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
> template shell = /bin/false
> password server = DNS1 DNS2 *
> log level = 3
> log file = /var/log/samba/%m
> max log size = 100
> preferred master = No
> dns proxy = No
> wins server = WINS1 WINS2
>
> ; Winbind Settings
> winbind cache time = 0
> winbind nested groups = yes
> allow trusted domains = No
> idmap backend = idmap_rid:DOMAIN=500-100000000
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> template shell = /bin/bash
> winbind use default domain = Yes
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> obey pam restrictions = yes
> template homedir = /home/%D/%U
> logon path = \\%L\profiles\%U\%a
> logon drive = X:
>
> # For printers
> printcap name = /dev/null
> load printers = no
> printing = bsd
> [homes]
> comment = Home Directories
> valid users = %D+%U
> path = /home/%D/%U
> read only = no
> browseable = no
> root preexec = /etc/samba/mkhomedir.sh
'%U'
> writable = yes
> directory mask = 0771
> force directory mode = 0771
> create mask = 0751
> #security mask = 0771
> inherit permissions = yes
> veto files =
/*.blessed/*.forward/*.bash_history/*.bash_logout/*.bash_profile/*.bashrc/
> invalid users = bin daemon nobody named sys tty
disk mem kmem users
Any help would be appreciated.
--Brian