Jeremy Allison
2009-Jun-12 20:05 UTC
[Samba] Permissions of new files on samba with other read on.
On Fri, Jun 12, 2009 at 09:21:57AM +0200, Daniele Palumbo wrote:> hi. > > I have troubles of global readable bit on new file created on samba. > I wish to have a 660 permission on new files, instead i've got 664. > > also, if i create an empty files it will get 644 permmission, instead of 660. > > directory creation instead seems fine. > > Below my environmnent and tests. > pointing to samba docs or bugs, open or closed, are REALLY welcome.My guess is the client is resetting the mode after the file is created. "create mask" only applies to new files. Set the "security mask"/"force security mode" parameters to control mode setting on existing files. Jeremy.
Edward Ned Harvey
2009-Jun-12 21:39 UTC
[Samba] Permissions of new files on samba with other read on.
> I have troubles of global readable bit on new file created on samba. > I wish to have a 660 permission on new files, instead i've got 664. > > Server: Debian Lenny, kernel 2.6.26-2-xen-686, samba 2:3.2.5-4lenny2 > Client: Ubuntu Jaunty, kernel 2.6.28-11-generic, smbclient 2:3.3.2-Going linux to linux ... You could try "unix extensions = No" ... or just set the umask in your client shell environment.
Jocelyn Diaz
2009-Jun-14 00:23 UTC
[Samba] Permissions of new files on samba with other read on.
Daniele Palumbo <daniele@retaggio.net> wrote:>hi. > >I have troubles of global readable bit on new file created on samba. >I wish to have a 660 permission on new files, instead i've got 664. > >also, if i create an empty files it will get 644 permmission, instead of 660. > >directory creation instead seems fine. > >Below my environmnent and tests. >pointing to samba docs or bugs, open or closed, are REALLY welcome. > >---- >environment: >Server: Debian Lenny, kernel 2.6.26-2-xen-686, samba 2:3.2.5-4lenny2 > >Client: Ubuntu Jaunty, kernel 2.6.28-11-generic, smbclient 2:3.3.2-1ubuntu3, >/sbin/modinfo /lib/modules/`uname -r`/kernel/fs/cifs/cifs.ko >filename: /lib/modules/2.6.28-11-generic/kernel/fs/cifs/cifs.ko >version: 1.55 > >Share: >--- >[produzione] > comment = Reparto Produzione > path = /home/samba/groups/produzione > valid users = @ntadmin, @produzione, @direzione, @tecnico, @prototipi, >@acquisti, @ced, @magazzino > write list = @ntadmin, @produzione, @acquisti, dpalumbo > force group = produzione > create mask = 0660 > force create mode = 0660 > directory mask = 0770 > force directory mode = 0770 > >[ced] > comment = CED > path = /home/samba/groups/ced > valid users = @ntadmin, @ced, @direzione > write list = @ntadmin, @ced > force group = ced > create mask = 0660 > force create mode = 0660 > directory mask = 0770 > force directory mode = 0770 >--- > >jaunty fstab: >--- >//srv01.cemindustries.it/produzione /media/produzione cifs >rw,credentials=/etc/credentials,_netdev,umask 1 2 >//srv01.cemindustries.it/ced /media/ced cifs >rw,credentials=/etc/credentials,_netdev,umask 1 2 >--- >jaunty (grep) /etc/group >-- >ced:x:1009: >produzione:x:1012: >-- > >jaunty (grep) /etc/passwd >-- >daniele:x:1043:1009:daniele,,,:/home/daniele:/bin/bash >-- >daniele@daniele-desktop:~$ umask >0022 >daniele@daniele-desktop:~$ > >Now, >daniele@daniele-desktop:/media/produzione$ ls -l >totale 56 >-rw-r--r-- 1 daniele produzione 0 2009-06-11 19:01 pippo >-rw-r--r-- 1 daniele produzione 0 2009-06-11 19:01 pluto >-rw-rw-rw- 1 1047 acquisti 51476 2009-03-27 17:10 programma >produzione.pdf >daniele@daniele-desktop:/media/produzione$ > >daniele@daniele-desktop:/media/produzione$ vi gastone >daniele@daniele-desktop:/media/produzione$ ls -l gastone >-rw-rw-r-- 1 daniele produzione 3 2009-06-11 19:02 gastone >daniele@daniele-desktop:/media/produzione$ > >daniele@daniele-desktop:/media/ced$ ls -l topolino minnie >-rw-rw-r-- 1 daniele ced 4 2009-06-11 19:02 minnie >-rw-r--r-- 1 daniele ced 0 2009-06-11 19:02 topolino >daniele@daniele-desktop:/media/ced$ > >Therefore, if i create an empty file the write group bit ----w---- is not on. >instead, if the file have some content, the permission will be fine. > >In both cases i have the other read bit on ------r--, and this is really bad >because i do not want it. >I can imagine that if i force the group to 'produzione', and the user is not >on that group, the created file can have this bit. >I cannot understand why this happens in [ced], because the primary gid of the >user is ced as shown before. > >This is an extract log for directories: > >daniele@daniele-desktop:/media/produzione$ mkdir paperina >daniele@daniele-desktop:/media/produzione$ ls -ld paperina >drwxrwx--- 2 daniele produzione 0 2009-06-11 19:03 paperina >daniele@daniele-desktop:/media/produzione$ cd ../ced >daniele@daniele-desktop:/media/ced$ mkdir paperino >daniele@daniele-desktop:/media/ced$ ls -ld paperino/ >drwxrwx--- 2 daniele ced 0 2009-06-11 19:03 paperino/ > >So they are just fine. > >daniele@daniele-desktop:/media/ced$ cd paperino/ >daniele@daniele-desktop:/media/ced/paperino$ touch qui >daniele@daniele-desktop:/media/ced/paperino$ vi quo >daniele@daniele-desktop:/media/ced/paperino$ vi qua >daniele@daniele-desktop:/media/ced/paperino$ ls -l >totale 4 >-rw-rw-r-- 1 daniele ced 4 2009-06-11 19:04 qua >-rw-r--r-- 1 daniele ced 0 2009-06-11 19:04 qui >-rw-r--r-- 1 daniele ced 0 2009-06-11 19:04 quo >daniele@daniele-desktop:/media/ced/paperino$ > >Files in just created directories suffer from the "bug" bescribed above. > >any hints? > >Thanks a lot >d. >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba