Find the answer to your Linux question:
Results 1 to 6 of 6
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Samba adds execute flag to all new files

    We have started using ACLs on our fileserver and we are having a problem with getting Samba to behave correctly. When we create a file in Linux, the permissions and ACLs are set correctly. Files are set to 640 and directories are set to 750. However, when we create it in Windows through Samba, regular files are being set with 650 and directories are set to 770. It's adding execute on files and execute+write to directories for groups!

    Here's my server info:

    ACLs on the directory:
    getfacl /testing
    # file: .
    # owner: root
    # group: DomainUsers
    Create a file in linux. Looks fine:
    touch unixfile1
    ls -l unixfile1
    -rw-r-----+ 1 root root 0 Jan 19 08:41 unixfile1
    Create a directory in linux. Looks fine:
    mkdir unixdir1
    ls -l | grep unixdir1
    drwxr-x---+ 2 root     root        4096 Jan 19 08:41 unixdir1
    Create a file through Samba from a Windows server. It adds group execute!
    ls -l winfile1
    -rwxr-x---+ 1 the3kgt2 DomainUsers    0 Jan 19 08:43 winfile1
    Create a directory through Samba from a Windows server. It adds group execute AND group write!
    ls -l windir1
    drwxrwx---+ 2 the3kgt2 DomainUsers 4096 Jan 19 08:44 windir1
    Here's my smb.conf.
    cat smb.conf
       workgroup = MYDOMAIN
       password server =
       realm = MYDOMAIN.COM
       security = ADS
       idmap uid = 500-10000000
       idmap gid = 500-10000000
       template shell = /bin/false
       winbind use default domain = true
       winbind offline logon = false
    	server string = pspice
    	log file = /etc/samba/var/log.%m
    	logon script = scripts\%U.bat
    	logon path = \\myserver\profiles\%U
    	idmap backend = ad
    	ldap idmap suffix = dc=mydomain,dc=com
    	ldap admin dn = cn=binduser,cn=Users,dc=mydomain,dc=com
    	ldap suffix = dc=mydomain,dc=com
    	winbind nested groups = yes
    	hosts allow =
    	inherit acls = Yes
            inherit acls = Yes
            comment = ACL testing
            path = /testing
    	read only = no

  2. #2

  3. #3
    I already tried adding directory mask = 0750 and create mask = 0640 to the share. No change, same problem.

    Even if it did work, I want samba to always follow ACL's. If a sub-directory in this share is set to default:group:rwx ACLs, then I want Samba to follow the ACL and create the file as 660, not 640.

  4. $spacer_open
  5. #4
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Western Kentucky
    i think with samba you have to assign certain parameters per share. Maybe you should look into:
    acl map full control = True
    create mode = 0640
    directory mask = 0750
    You may even want to apply:
    nt acl support = yes
    inherit acls = yes
    inherit permissions = yes

  6. #5
    I tried that and still get the same problem.

    The actual problem is samba not adding the correct mask. When I create a file in unix, the mask for files is correctly set to rw-. However, when I create a file in Windows, the mask for files is being set to rwx instead of rw-

  7. #6
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Western Kentucky
    So I guess the question now would be is the thing actually mounting the share with ACL permissions:

    mount -t ext3
    It should have something like:
    /dev/sda2 on / type ext3 (rw)

    If you have your samba share on a separate mount point, the you might see something like:
    /dev/sdb2 on /point/sambaroot type ext3 (rw, acl)
    Then that means its going to obey ACLs, and all those masks you assign are going to do nothing. In which case you should be able to set nt acl support to 'no'.

    Adjust those commands to whatever filesystem type you are actually using.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts