On Fri, Oct 05, 2012 at 03:42:24PM +0200, Andreas Oster
wrote:> Hello all,
>
> I am struggling to get share permissions to work properly.
> I am currently using samba 3.6.3 with AD integration.
>
> I want to force the following permissions:
>
> - created/renamed/copied directories: 0770
> - created/renamed/copied files: 0660
> - file permissions should not be editable by Windows users.
>
> I have tried a lot of different combinations of parameters but failed to
> get the desired permissions. Most of the time I end up with 0660 for
> newly created files and 0750 for newly created directories. When I
> rename a just created directory permission changes to 0770.
>
> At the moment I have this in my test share:
>
>
> force group = "MYDOM\test"
> force create mode = 0660
> create mask = 0660
> force directory mode = 0770
> directory mask = 0770
Hmmm. The :
force directory mode = 0770
directory mask = 0770
setting should do the trick. Are you also storing
the DOS attributes in EA's ? You probably also
need that to prevent UNIX permission modification.
Try adding:
store dos attributes = yes
map readonly = no
map system = no
map hidden = no
map archive = no
and re-test creating a new directory.
Jeremy.