I have a problem where permission bits are not being enforced on a samba share using a Linux client. I have samba configured on the server to force a certain user, group and permission bits and this works as expected until I touch the file or it becomes the target of IO redirection.
Here's what's happening:
user@linuxbox:~-->ls -l ~/archive/foo.txt
ls: cannot access /home/user/archive/foo.txt: No such file or directory
user@linuxbox:~-->touch ~/archive/foo.txt
user@linuxbox:~-->ls -l ~/archive/foo.txt
-rw-rw-r-- 1 archive archive 0 2010-09-13 20:29 /home/user/archive/foo.txt
user@linuxbox:~-->touch ~/archive/foo.txt
user@linuxbox:~-->ls -l ~/archive/foo.txt
-rwxrwxrwx 1 archive archive 0 2010-09-13 20:30 /home/user/archive/foo.txt
Notice when I touch the existing file its permission bits are 0777. They're supposed to be 0664 like when it was first created. How can I enforce 0664 on the existing file?
I have version 3.0.24 on the server and version 3.4.7 on the client. Here's my smb.conf:
[global]
interfaces = egiga0
unix charset = UTF8
workgroup = workgroup
netbios name = foo
server string = Foo
security = USER
map to guest = bad user
host msdfs = no
encrypt passwords = yes
[archive]
comment = File Archive
path = /home/archive
force user = archive
force group = archive
read only = yes
write list = @archive
guest ok = yes
create mask = 0
force create mode = 0664
security mask = 0
force security mode = 0664
directory mask = 0
force directory mode = 0775
directory security mask = 0
force directory security mode = 0775
Best Answer
The samba permissions only work on the SMB (ie Windows) network clients. If you want to enforce this on the server (and any NFS clients) you need to set the sticky bit on all the directories.
first correct the files that are there:
then enforce this with the group sticky bit
This is not infalable but does solve 99% of this sort of problem.
Regards DaveF
Result on my Solaris box: