samba - Aug 2014 - Samba 4, setgid & new file permissions

Hello everybody,

I have a server with CentOS 6.5 (kernel version 
2.6.32-431.5.1.el6.x86_64) and Samba version 4.2.0pre1-GIT-4daf7d4. I am 
using this server as a PDC and so far everything is working quite alright.

However, I have a problem with permissions of files I want to share. 
Mostly it is working well. Samba respects group memberships, including 
supplementary groups, ownership, etc. The only problem is that Samba is 
not honoring the setgid bit. When I create a file or directory in 
Windows, it belongs to the user who created it and the group they have 
as their primaryGroupID attribute, even though the directory has the 
setgid bit set. When I create the file using a shell command, the right 
group ownership is set. Does anyone know any solution for this problem?

I am sharing a directory which is mounted as NFS on the PDC. The 
fileserver's OS is SLES. However, I also tried to share some local 
directory, set the setgid bit and the result was the same.

And one more, less important problem. When I create a file in a shared 
directory from Windows in a directory that has been previously created 
in Linux, the permissions of the new file respect the mask set in 
smb.conf. However, when I create a file in a directory that has been 
created in Windows, the execution bit is set and ACLs are created. Is it 
possible to configurate the permissions to honor the mask in the config 
so the exec bit does not get set? I hope it is not too confusing.

The share config in smb.conf is very simple.

[data]
         path = /data
         read only = No
         create mask = 660
         directory mask = 2770

Thank you very much in advance.

Tomas Kralik

Hi,

so in the end, it seems like I solved it on my own. All I had to do was 
to add "vfs objects = posix_eadb" option into the config file so now
the
share definition looks like this.

[data]
         path = /data
         read only = No
         create mask = 660
         directory mask = 2770
         vfs objects = posix_eadb

So far so good, hopefully it will run alright in the future as well.

I hope this solution will help someone with the same problem.

Tomas


On 08/11/2014 10:49 AM, Tom?? Kr?l?k wrote:
> Hello everybody,
>
> I have a server with CentOS 6.5 (kernel version 
> 2.6.32-431.5.1.el6.x86_64) and Samba version 4.2.0pre1-GIT-4daf7d4. I 
> am using this server as a PDC and so far everything is working quite 
> alright.
>
> However, I have a problem with permissions of files I want to share. 
> Mostly it is working well. Samba respects group memberships, including 
> supplementary groups, ownership, etc. The only problem is that Samba 
> is not honoring the setgid bit. When I create a file or directory in 
> Windows, it belongs to the user who created it and the group they have 
> as their primaryGroupID attribute, even though the directory has the 
> setgid bit set. When I create the file using a shell command, the 
> right group ownership is set. Does anyone know any solution for this 
> problem?
>
> I am sharing a directory which is mounted as NFS on the PDC. The 
> fileserver's OS is SLES. However, I also tried to share some local 
> directory, set the setgid bit and the result was the same.
>
> And one more, less important problem. When I create a file in a shared 
> directory from Windows in a directory that has been previously created 
> in Linux, the permissions of the new file respect the mask set in 
> smb.conf. However, when I create a file in a directory that has been 
> created in Windows, the execution bit is set and ACLs are created. Is 
> it possible to configurate the permissions to honor the mask in the 
> config so the exec bit does not get set? I hope it is not too confusing.
>
> The share config in smb.conf is very simple.
>
> [data]
>         path = /data
>         read only = No
>         create mask = 660
>         directory mask = 2770
>
> Thank you very much in advance.
>
> Tomas Kralik