Hello,
we have a SLES 10SP2 setup with some collaboration shares distributed with
Samba. In order to make sure files and folders on these shares are readable
*and* writeable, the shares typically look like this:

[public]
path = /home/01_public
create mask = 740
directory mask = 750
force create mode = 220
force directory mode = 770
force group = optiker
read list = zhang, @optiker
write list = @optiker

With this, we want to have new or copied files to get -rw-rw---- and new or
copied folders to get drwxrwx---.
This works OK for the Windows clients but the Unix-like clients (Linux and
Mac OS X) write files with -rwxrw-r--, which is a little different from what we
expect. Folders are all right.
The file creation works for Linux and Mac boxes, too, when the global option
"unix extensions = no" is set. Yet, this leads to some unwanted behavior on
the unixoid clients: they can no longer see who created a file, and what the
actual permissions really are...
So, the question is: how can we make sure that files and folders are created
with certain permissions for all client platforms, and without disabling unix
extensions?
Also, it does not help to use ACLs on the share parent folders since the file
permissions are the same as above, then...
Any help is deeply appreciated!
What follows is the global section of the smb.conf, just in case.

[global]
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
hide dot files = yes
hide special files = yes
hosts allow = 127.0.0.1 192.168.173.0/24 132.230.0.0/16
hosts deny = 0.0.0.0/0
idmap backend = ldap:ldap://127.0.0.1
ldap admin dn = cn=moadmin,dc=micro-optics,dc=uni
ldap delete dn = No
ldap group suffix = ou=gruppen
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap replication sleep = 1000
ldap ssl = Start_tls
ldap suffix = dc=micro-optics,dc=uni
ldap timeout = 5
ldap user suffix = ou=nutzer
local master = Yes
log level = 3
logon drive = L:
logon path = \\%L\%U\_msprofile
logon script = logon.bat
netbios name = rioja
os level = 65
passdb backend = ldapsam:ldap://127.0.0.1
preferred master = Yes
security = user
# unix extensions = no
wins support = Yes
workgroup = micro-optics

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
browsable = no
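
Added example, not part of the original post: a shell function to run on the server after test writes from each client type, listing every entry under the share path whose mode differs from the wanted ones (660 for files, 770 for directories). It assumes GNU find; the function name audit_share_modes is hypothetical.

```shell
#!/bin/sh
# Added example: report entries under a share path whose mode differs from
# the modes the post wants (files -rw-rw----, directories drwxrwx---).
# Assumption: GNU find (for -printf), as shipped on Linux servers.
# The function name is hypothetical, not part of Samba.

# audit_share_modes ROOT [FILE_MODE] [DIR_MODE]
# Prints one line per deviation: "<file|dir> <octal mode> <path>".
# Exit status: 0 = all entries match, 1 = deviations found, 2 = bad ROOT.
# Example: audit_share_modes /home/01_public
audit_share_modes() {
    root=$1
    want_file=${2:-660}
    want_dir=${3:-770}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -mindepth 1 skips the share root itself; its mode is set by the
    # administrator, not by the create/directory mask settings.
    # "! -perm MODE" selects entries whose permission bits are not exactly MODE.
    report=$(find "$root" -mindepth 1 \
        \( -type f ! -perm "$want_file" -printf 'file %m %p\n' \) -o \
        \( -type d ! -perm "$want_dir" -printf 'dir %m %p\n' \))

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A file written as -rwxrw-r-- shows up as "file 764 <path>", so the output shows directly which client writes still leave the execute bit or read access for others.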