Find the answer to your Linux question:
Results 1 to 6 of 6
We have started using ACLs on our fileserver and we are having a problem with getting Samba to behave correctly. When we create a file in Linux, the permissions and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2009
    Posts
    5

    Samba adds execute flag to all new files


    We have started using ACLs on our fileserver and we are having a problem with getting Samba to behave correctly. When we create a file in Linux, the permissions and ACLs are set correctly. Files are set to 640 and directories are set to 750. However, when we create it in Windows through Samba, regular files are being set with 650 and directories are set to 770. It's adding execute on files and execute+write to directories for groups!

    Here's my server info:

    ACLs on the directory:
    Code:
    getfacl /testing
    # file: .
    # owner: root
    # group: DomainUsers
    user::rwx
    group::rwx
    mask::rwx
    other::---
    default:user::rwx
    default:group::r-x
    default:mask::r-x
    default:other::---
    Create a file in linux. Looks fine:
    Code:
    touch unixfile1
    ls -l unixfile1
    -rw-r-----+ 1 root root 0 Jan 19 08:41 unixfile1
    Create a directory in linux. Looks fine:
    Code:
    mkdir unixdir1
    ls -l | grep unixdir1
    drwxr-x---+ 2 root     root        4096 Jan 19 08:41 unixdir1
    Create a file through Samba from a Windows server. It adds group execute!
    Code:
    ls -l winfile1
    -rwxr-x---+ 1 the3kgt2 DomainUsers    0 Jan 19 08:43 winfile1
    Create a directory through Samba from a Windows server. It adds group execute AND group write!
    Code:
    ls -l windir1
    drwxrwx---+ 2 the3kgt2 DomainUsers 4096 Jan 19 08:44 windir1
    Here's my smb.conf.
    Code:
    cat smb.conf
       workgroup = MYDOMAIN
       password server = windowsserver.mydomain.com
       realm = MYDOMAIN.COM
       security = ADS
       idmap uid = 500-10000000
       idmap gid = 500-10000000
       template shell = /bin/false
       winbind use default domain = true
       winbind offline logon = false
    	server string = pspice
    	log file = /etc/samba/var/log.%m
    	logon script = scripts\%U.bat
    	logon path = \\myserver\profiles\%U
    	idmap backend = ad
    	ldap idmap suffix = dc=mydomain,dc=com
    	ldap admin dn = cn=binduser,cn=Users,dc=mydomain,dc=com
    	ldap suffix = dc=mydomain,dc=com
    	winbind nested groups = yes
    	hosts allow = 10.20.30.0/255.255.255.0
    
    	inherit acls = Yes
            inherit acls = Yes
    
    [testing]
            comment = ACL testing
            path = /testing
    	read only = no

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,756

  3. #3
    Just Joined!
    Join Date
    Feb 2009
    Posts
    5
    I already tried adding directory mask = 0750 and create mask = 0640 to the share. No change, same problem.

    Even if it did work, I want samba to always follow ACL's. If a sub-directory in this share is set to default:group:rwx ACLs, then I want Samba to follow the ACL and create the file as 660, not 640.

  4. #4
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    i think with samba you have to assign certain parameters per share. Maybe you should look into:
    Code:
    [testing]
    acl map full control = True
    create mode = 0640
    directory mask = 0750
    You may even want to apply:
    Code:
    nt acl support = yes
    inherit acls = yes
    inherit permissions = yes

  5. #5
    Just Joined!
    Join Date
    Feb 2009
    Posts
    5
    I tried that and still get the same problem.

    The actual problem is samba not adding the correct mask. When I create a file in unix, the mask for files is correctly set to rw-. However, when I create a file in Windows, the mask for files is being set to rwx instead of rw-

  6. #6
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    So I guess the question now would be is the thing actually mounting the share with ACL permissions:

    Code:
    mount -t ext3
    It should have something like:
    /dev/sda2 on / type ext3 (rw)

    If you have your samba share on a separate mount point, the you might see something like:
    Code:
    /dev/sdb2 on /point/sambaroot type ext3 (rw, acl)
    Then that means its going to obey ACLs, and all those masks you assign are going to do nothing. In which case you should be able to set nt acl support to 'no'.

    Adjust those commands to whatever filesystem type you are actually using.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •