Samba 4 Simple Samba file share, Domain Controller Users - windows 7 I am having problems getting folder and file permissions to working properly from the Windows clients. No setting I change in smb.conf have any effect on files and folders created from windows clients. (I see this kind of question a lot other places so you must be tired of it.) Smb.conf [GLOBAL] force create mode = 0770 force directory mode = 0770 create mask = 0660 I don't have any create/mask statements in the share as they do not seem to make a difference. I am using a single large file share with sticky gid bit set (2774) Goal: files created should have user as owner and sambashare as group with 774 permissions. Folders are created with 2777 and set GID Files created with 0766 When I started working on this folders were getting created with 2740. On the server I chmod g+rw on the share and now folders are created with 2777. (this doesn't make sense to me) With every config change I reload the config file with (Ubuntu 16.04 lts): sudo /etc/init.d/samba reload -- mark B
Rowland Penny
2017-Feb-23 07:46 UTC
[Samba] Windows file directory creation permission confusion
On Wed, 22 Feb 2017 15:49:54 -0600 Markb via samba <samba at lists.samba.org> wrote:> Samba 4 > Simple Samba file share, Domain Controller > Users - windows 7 > > I am having problems getting folder and file permissions to working > properly from the Windows clients. No setting I change in smb.conf > have any effect on files and folders created from windows clients. > (I see this kind of question a lot other places so you must be tired > of it.)I take it that you haven't read this: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server What you are trying to do, will not work on a DC. Rowland
L.P.H. van Belle
2017-Feb-23 08:27 UTC
[Samba] Windows file directory creation permission confusion
Hai, Mark I suggest you try the following if there are no linux users working in the folders also from withing linux. ( so a windows computer/user only share ) Apply in this order, because you wil have to check and reset the rights again if you are changeing a share. So make a new share, and test before you apply in production. Set the folders in linux to 2777 like /home/data/ For the folder where the share starts and and all subfolders Remove these lines from you smb.conf> force create mode = 0770 > force directory mode = 0770 > create mask = 0660Add this line to the share. acl_xattr:ignore system acl = yes now go here. https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs go to this section Setting Share Permissions and ACLs At the share permissions.. Remove both these groups, add autenticated users with full controll. This allowes users to create folders at the root of you share if you have set a group a the folder security tab that has full control. If you dont want that, keep it as the example, but add user SYSTEM Now at the tab security. add "Domain Admins" Full control add "Domain users" list rights or adjust to you needs, but NO full control, if these can write here, they can create folders, which you probely not want. add "SYSTEM" add "Creator Groep" ( option add creator owner ) Now you might see "S-1-22-2-0" as unresolved user"( thats Creator Owner ) Ignore it. The "special" rights are set for the "Creator .." Dont change it. Now create subfolders, Inherit the rights from the folder below it, and block (if needed domain users) (set deny list) Add the group you want on the this folder. Give it change rights. Again no full control, only set full control if you want to allow users to change your folder security rights. Set change rights. Make sure this one has also add "Creator Groep" ( and or creator owner ) Bit of work but should work. Give it a try and let us know the result. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Markb via samba > Verzonden: woensdag 22 februari 2017 22:50 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Windows file directory creation permission confusion > > Samba 4 > Simple Samba file share, Domain Controller > Users - windows 7 > > I am having problems getting folder and file permissions to working > properly from the Windows clients. No setting I change in smb.conf have > any effect on files and folders created from windows clients. (I see > this kind of question a lot other places so you must be tired of it.) > > Smb.conf > [GLOBAL] > force create mode = 0770 > force directory mode = 0770 > create mask = 0660 > > I don't have any create/mask statements in the share as they do not seem > to make a difference. > I am using a single large file share with sticky gid bit set (2774) > > Goal: files created should have user as owner and sambashare as group > with 774 permissions. > > Folders are created with 2777 and set GID > Files created with 0766 > > When I started working on this folders were getting created with 2740. > On the server I chmod g+rw on the share and now folders are created with > 2777. (this doesn't make sense to me) > > With every config change I reload the config file with (Ubuntu 16.04 lts): > sudo /etc/init.d/samba reload > > -- > mark B > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba