I've been using samba for some time and have always had a good experience.
I decided to try and configure my home network to let all my computers
talk to the samba share.
I'm stuck on one part where my OSX client, when creating new
files/directories, won't create them writeable by the group.
I've tried what seems like every combination of directory mask, force
directory mode, etc. but I'm unable to get the OSX client to create
folders with 770 permissions on any newly created folders.
What I'd like to do is find a way to "see" all the
permission's that
are getting applied to that directory when it is getting created.
This isn't a production box, so I'm willing to try anything at the
moment.
The good news is that it does create new files and folders...just that
other users can't modify them.
I do have logging turned up, but do not know what I should be looking for.
Scenario:
Client - OSX 10.5
Server - Ubuntu 7.04, XFS mounted /home, Samba 3.026a
Share section of smb.conf
[shared]
path = /home/shared
available = yes
browseable = yes
writable = yes
create mask = 02770
directory mask = 02770
force group = +shared
Testparm results (shared section)
[shared]
path = /home/shared
force group = +shared
read only = No
Hope I didn't forget anything.
Mike B.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Brian Gregorcy
2008-Sep-29 20:37 UTC
[Samba] OSX client, Linux server, permissions problem
barsalou wrote:> I've been using samba for some time and have always had a good experience. > > I decided to try and configure my home network to let all my computers > talk to the samba share. > > I'm stuck on one part where my OSX client, when creating new > files/directories, won't create them writeable by the group. > > I've tried what seems like every combination of directory mask, force > directory mode, etc. but I'm unable to get the OSX client to create > folders with 770 permissions on any newly created folders. > > What I'd like to do is find a way to "see" all the permission's that are > getting applied to that directory when it is getting created. > > This isn't a production box, so I'm willing to try anything at the moment. > > The good news is that it does create new files and folders...just that > other users can't modify them. > > I do have logging turned up, but do not know what I should be looking for. > > Scenario: > > Client - OSX 10.5 > Server - Ubuntu 7.04, XFS mounted /home, Samba 3.026a > > > Share section of smb.conf > > [shared] > path = /home/shared > available = yes > browseable = yes > writable = yes > create mask = 02770 > directory mask = 02770 > force group = +shared > > > Testparm results (shared section) > [shared] > path = /home/shared > force group = +shared > read only = No > > Hope I didn't forget anything. >I know this doesn't help but we are seeing the same problem, I opened a bug with apple but so far have not heard anything back. I also sent this email to this list awhile back and did not get a response, the copy of the email I sent is below. --Brian> Hi all, > > We are having an issue when a user writes to there home directory the permissions change to 0600, instead of 0751 that > we have been setting in smb.conf > > Here is a description of the problem: > >> reinstalled mac osx we have: >> >> 1) OS 10.5.0 >> I mounted <SAMBA SERVER> with Prof Sutherlands account >> created the folder in 1703 --> test_reinstall >> then copied a file to the new folder: About_Stacks.pdf >> >> The permissions on the server for the folder are: >> >> 1703 # pwd >> /home/DOMAIN/00033394/public_html/1703 >> humboldt 1703 # ls -la >> total 116 >> drwxr-s--x 10 00033394 apache 4096 Aug 15 15:18 . >> drwxr-s--x 18 00033394 apache 4096 Aug 14 15:04 .. >> -rwxr-s--x 1 00033394 apache 6148 Aug 14 14:55 .DS_Store >> -rwxr-s--x 1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 CHEN_1703_files >> -rwxr-s--x 1 00033394 apache 8868 Aug 14 13:49 Homework.html >> drwxr-s--x 2 00033394 apache 155 Aug 14 13:49 Homework_files >> -rwxr-s--x 1 00033394 apache 10300 Aug 14 13:49 Lectures.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Lectures_files >> drwxr-s--x 2 00033394 apache 28 Aug 14 13:49 Media >> -rwxr-s--x 1 00033394 apache 6326 Aug 14 13:49 Schedule.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Schedule_files >> drwxr-s--x 3 00033394 apache 57 Aug 14 13:49 Scripts >> -rwxr-s--x 1 00033394 apache 28894 Aug 14 13:49 Syllabus.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Syllabus_files >> -rwxr-s--x 1 00033394 apache 1963 Aug 14 13:49 feed.xml >> -rwxr-s--x 1 00033394 apache 311 Aug 14 13:49 index.html >> drwxr-s--x 2 00033394 apache 29 Aug 15 15:18 test_reinstall >> >> >> test_reinstall # ls -la >> total 304 >> drwxr-s--x 2 00033394 apache 29 Aug 15 15:19 . >> drwxr-s--x 10 00033394 apache 4096 Aug 15 15:18 .. >> -rwxr----- 1 00033394 apache 303444 Aug 15 15:01 About_Stacks.pdf >> >> This works I can view the page: >> http://www.che.utah.edu/~sutherland/1703/test_reinstall/ >> >> I am going to update the mac and see what happens > > >> updated to 10.5.4 >> >> created the folder: test_reinstall_10.5.4 and the copied the file About_Stacks.pdf to it. >> >> perms look like this: >> 1703 # ls -la >> total 116 >> drwxr-s--x 11 00033394 apache 4096 Aug 15 15:33 . >> drwxr-s--x 18 00033394 apache 4096 Aug 14 15:04 .. >> -rwxr-x--x 1 00033394 apache 6148 Aug 15 15:22 .DS_Store >> -rwxr-s--x 1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 CHEN_1703_files >> -rwxr-s--x 1 00033394 apache 8868 Aug 14 13:49 Homework.html >> drwxr-s--x 2 00033394 apache 155 Aug 14 13:49 Homework_files >> -rwxr-s--x 1 00033394 apache 10300 Aug 14 13:49 Lectures.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Lectures_files >> drwxr-s--x 2 00033394 apache 28 Aug 14 13:49 Media >> -rwxr-s--x 1 00033394 apache 6326 Aug 14 13:49 Schedule.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Schedule_files >> drwxr-s--x 3 00033394 apache 57 Aug 14 13:49 Scripts >> -rwxr-s--x 1 00033394 apache 28894 Aug 14 13:49 Syllabus.html >> drwxr-s--x 2 00033394 apache 4096 Aug 14 13:49 Syllabus_files >> -rwxr-s--x 1 00033394 apache 1963 Aug 14 13:49 feed.xml >> -rwxr-s--x 1 00033394 apache 311 Aug 14 13:49 index.html >> drwxr-s--x 2 00033394 apache 29 Aug 15 15:19 test_reinstall >> drwxr-xr-x 2 00033394 apache 29 Aug 15 15:33 test_reinstall_10.5.4 >> >> >> *Note that the sticky bit is gone and has been replaced the execute bit The perms on the file: >> test_reinstall_10.5.4 # pwd >> /home/DOMAIN/00033394/public_html/1703/test_reinstall_10.5.4 >> humboldt test_reinstall_10.5.4 # ls -la >> total 304 >> drwxr-xr-x 2 00033394 apache 29 Aug 15 15:33 . >> drwxr-s--x 11 00033394 apache 4096 Aug 15 15:33 .. >> -rw------- 1 00033394 domain users 303444 Aug 15 15:01 About_Stacks.pdf >> >> apache is not the group and the perms are 0700, this page will not work. The >> issue is that the mac is dropping the sticky bit and since the sticky bit is >> gone the files are being created with the wrong perms. > > > Here is my smb.conf > >> [global] >> workgroup = DOMAIN >> netbios name = SERVER >> realm = REALM >> server string = CHE file server >> security = ADS >> preferred master = no >> client use spnego = yes >> server signing = auto >> encrypt passwords = yes >> nt acl support = yes >> acl map full control = yes >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> template shell = /bin/false >> password server = DNS1 DNS2 * >> log level = 3 >> log file = /var/log/samba/%m >> max log size = 100 >> preferred master = No >> dns proxy = No >> wins server = WINS1 WINS2 >> >> ; Winbind Settings >> winbind cache time = 0 >> winbind nested groups = yes >> allow trusted domains = No >> idmap backend = idmap_rid:DOMAIN=500-100000000 >> idmap uid = 500-100000000 >> idmap gid = 500-100000000 >> template shell = /bin/bash >> winbind use default domain = Yes >> winbind separator = + >> winbind enum users = yes >> winbind enum groups = yes >> winbind use default domain = yes >> obey pam restrictions = yes >> template homedir = /home/%D/%U >> logon path = \\%L\profiles\%U\%a >> logon drive = X: >> >> # For printers >> printcap name = /dev/null >> load printers = no >> printing = bsd > > > > > >> [homes] >> comment = Home Directories >> valid users = %D+%U >> path = /home/%D/%U >> read only = no >> browseable = no >> root preexec = /etc/samba/mkhomedir.sh '%U' >> writable = yes >> directory mask = 0771 >> force directory mode = 0771 >> create mask = 0751 >> #security mask = 0771 >> inherit permissions = yes >> veto files = /*.blessed/*.forward/*.bash_history/*.bash_logout/*.bash_profile/*.bashrc/ >> invalid users = bin daemon nobody named sys tty disk mem kmem users > >
2008/9/29 Brian Gregorcy <brian.gregorcy@utah.edu>:>> You might be seeing the SMB unix extensions in action. In 10.5, the OS >> X SMB filesystem was taught to understand some SMB protocol extensions >> designed for unix system. what *might* be happening here is that the >> client is resetting the permissions after Samba applies the >> configuration mode masks. >> >> You should be able to verify this by packet sniffing or setting "unix >> extensions = no" on the server. >> > > That worked for me :) > > Thanks I have been looking for that for awhile now, is there any downside to > disabling unix extensions?The client will behave as though it is talking to a windows box, so unix modes will be best-effort and symlinks will be resolved on the server side rather than on the client side. -- James Peach | jorgar@gmail.com