On 24/02/15 20:35, Rowland Penny wrote:> On 24/02/15 20:23, John wrote:
>> I apologise for asking a basic question but I haven't been able to
>> determine a sensible answer.
>>
>> I am using 4.1.17 as AD-DC. All configured and working with user home
>> directories via [homes] and some other specific shares.
>>
>> Windows 7 client jointed to domain, users can log in and create files
in
>> their home directory.
>>
>> However the system permissions on those files are not what I expect and
>> I am trying to understand why.
>>
>> My [homes] sets "create mask" and "directory mask"
to 0700 but
>> everything created has "0770".
>>
>> I have another share with a create mask of 0755. Files in there get
>> 0775.
>>
>> I have checked with testparm that there is nothing configured to set to
>> 0770 anywhere. it's like there is a "force create mode"
but there isn't:
>>
>> $ testparm -v | grep -e 'force.*mode'
>> force create mode = 00
>> force directory mode = 00
>>
>> What am I missing? What could be overriding my permissions ?
>>
>> Thanks for any advice,
>> John
>>
>>
>
> For one thing you are missing the fact that [homes] doesn't work with
> a samba4 DC, you should also be using ACLs instead of 'force mode'
etc.
Hmm, I didn't know that. Is that officially stated anywhere? It does
appear to work for me except for the permissions issue. Could you
elaborate on what doesn't work - there's probably something I
haven't
hit on yet.>
> Try browsing the wiki: https://wiki.samba.org/index.php/Main_Page
;) Goes without saying - it was the first placed I turned to but it
isn't always straightforward to find where the answers
are.>
> For your home share see:
> https://wiki.samba.org/index.php/Setting_up_a_home_share
>
> For ACLs see:
>
>
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs#Change_permissions_on_folders_of_a_share
>
>
I'll look at these in more detail. I'm already using ACLs though but
I'll look at the alternative way to implement home directories.
What the above doesn't explain is why I am seeing additional permissions
being applied on the server filesystem. It isn't a homes issue because
it happens on other shares too. I'd like to get to the bottom of that
one... Something is applying an OR-mask of 0770 to whatever files'
permissions should be. The question is what...?
> Rowland
>