Samba permissions when creating a new folder through Windows

[jackaninny]

I've got a small issue that when a Windows user creates a new folder through Windows Explorer (from the menu or by right clicking) the new folder is only accessible to that particular user.

Example:

user SABKAR (member of the HR group) creates a new folder called MarcTestMenu in a shared Samba directory through Windows Explorer:

# ls -l
# drwxr-sr-x 2 sabkar hr 48 2010-04-01 10:36 MarcTestMenu

At this point user MORAMY cannot copy a file or open the directory MarcTestMenu. MORAMY gets a 'not accessible' error message in Windows.

If I su to the Samba box and issue this command:

# chmod 6770 MarcTestMenu/

I now get the follow permissions on the directory:

# drwsrws--- 2 sabkar hr 48 2010-04-01 10:38 MarcTestMenu

and user MORAMY can access and copy files to the directory.



Any thoughts on how I can get the correct default permissions when users create directories through Windows?

Thanks in advance.

[HROAdmin26]

Google: samba create mask directory mask

[jackaninny]

OK - Here are some sections from my current smb.conf file - still having issues:

[global]
workgroup = CSCOINTERNAL
server string = %h server
auth methods = guest, sam
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = wins bcast hosts lmhosts
load printers = No
printcap name = /dev/null
add user script = /usr/sbin/useradd -m '%u'
add group script = /usr/sbin/groupadd '%g'
add machine script = /usr/sbin/useradd -M '%u'
preferred master = No
domain master = No
dns proxy = No
wins server = 192.168.1.10
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
template shell = /bin/bash
winbind separator = +


[SNIP]

[hr]
path = /home/hr
write list = hr
read only = No
create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775

[scathefire]

how about

Code:

writeable = yes  
acl map full control = True

[jackaninny]

how about

Code:

writeable = yes  
acl map full control = True

Would that go under the Global Section or the specific share section of the smb.conf file?

[scathefire]

specific share

[jackaninny]

I think that was what I needed.

Now when I test as a end user I get this for a folder/directory created in that share through Windows Explorer:

drwxrwsr-x 2 moramy hr 72 2010-04-14 13:05 MARCTEST


and this when created as an end user in that directory:

-rwxrwxr-x 1 moramy hr 10 2010-04-14 13:06 TEST.TXT


Both users can open, modify and save files in the directory. Hopefully this is the end of it. Thanks.

[jackaninny]

So after the changes the specific share in my smb.conf looks like:

[hr]
path = /home/hr
write list = hr
read only = No
force create mode = 775
create mode = 775
force directory mode = 775
directory mode = 775
writeable = yes
acl map full control = True


Anyone spot an obvious (no not so obvious) problem with these changes I might not be taking into account?