I have an Ubuntu server sharing some folders using Samba. When a client creates a new folder or file, the permissions aren't set according to the settings in smb.conf.
My current settings for a specific share:
[share]
path = /mnt/share
browsable = yes
guest ok = no
writable = yes
read only = no
create mask = 0774
directory mask = 0774
write list = netuser

When a Samba client (a Windows 7 box) uses the 'netuser' account to create a file or directory, the permissions become
drwxr-sr-- 2 netuser sambashare 4096 2012-01-22 21:14 New folder
-rwxrw-r-- 1 netuser sambashare 0 2012-01-22 21:07 New Text Document.txt

The parent directory has the set group id flag, thus the sambashare group owner. The idea is that both Samba users and server users belong to the sambashare group, and thus are to be able to edit, delete, and create files and directories. However, since created folders don't have the write flag for group set, server users can't create new files or folders in those folders without sudo.
I have tested adding and removing the directory mask, force directory mode, directory security mode, and the force directory security mode, but the behavior still remains. Newly created files and folders don't get the intended 774 permission, but rather 764 and 754 respectively.
What am I missing? Why doesn't Samba set the correct permissions?
5 Answers
I think you need to use the following parameters:
# I changed the permissions to rw-rw-r--
# You should be able to change them to 775 if you need the files to
# be executable
create mask = 664
force create mode = 664
security mask = 664
force security mode = 664
# I set the SGID flag here as I thought this is what you wanted
# You could change to 0775
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775

I was looking for a nice explanation of how these settings work, but could not find anything better than man smb.conf
You will have to scroll down a bit for those options.
Basically, in a nutshell, Windows permissions are not the same as Unix (Linux) and it is a bit odd how Samba maps permissions.
I had the same problem, but none of the mask directives worked for me (Samba 4.3.11):
create mask = 0664
force create mode = 0664
directory mask = 02775
force directory mode = 02775

The only option that worked was under the [global] or share section:
inherit permissions = yes

Just change all folder and file permissions to your needs, so future folders and files will inherit the same permissions.
After a lot of trial and error, this is the correct code to share a Samba dir using SGID and Unix groups. If a user connects anonymously he gets r/o; if he logs in and is a member of the assigned group he gets r/w.
I have a group named 'admin' set as the primary group for users with write privileges; everyone else gets read-only rights.
I force user to nobody, so different people working on the same files don't interfere with each other.
I set chmod 2755 on the shared directory, so it inherits created directories with the same group 'admin'
$ chmod -R 2755 /home/shares/test

Checking if all is good:
$ stat /home/shares/test
Access: (2755/drwxr-sr-x) Uid: (65534/ nobody) Gid: ( 1001/ admin)

Relevant part of /etc/samba/smb.conf:
[test]
comment = test
path = /home/shares/test
force user = nobody
read only = No
create mask = 0664
force create mode = 0664
directory mask = 02775
force directory mode = 02775

This post put me on the right track, but testparm revealed 4 incorrect directives, so I'm sharing the fixed config here. In Samba, the fewer directives you specify the better it works.
There is a very similar problem when connecting from other Unix / Linux / OSX / MacOS devices: all of the settings are ignored unless you specify
[global]
unix extensions = no

And connect with smb://<serverhost> instead of cifs://<serverhost>.
Add this code to smb.conf (sudo nano smb.conf), restart with sudo service smbd restart, and access from another local PC/computer by connecting with smb://<serverhost> to create or edit files/folders. html is the folder name:
[html]
comment = admin access
path = /var/www/html
browsable = yes
guest ok = no
writable = yes
valid users = @admin
create mask = 664
force create mode = 664
security mask = 664
force security mode = 664
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
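
The mask/force arithmetic behind the settings in the question and answers above, as an added example (not code from any of the posts): per smb.conf(5), `create mask` and `directory mask` are ANDed with the mode Samba maps from the client request, then the `force` modes are ORed in, so only a `force` directive can guarantee a bit such as group write or setgid. The share names and the `audit_share` helper are hypothetical, the sample config is constructed from the question's and first answer's values, and the defaults are the ones documented in smb.conf(5).

```python
import configparser

# Documented smb.conf(5) defaults for directives a share leaves unset.
DEFAULTS = {"create mask": "0744", "force create mode": "0000",
            "directory mask": "0755", "force directory mode": "0000"}

# Constructed sample: the question's masks, then the first answer's masks.
SAMPLE = """
[share]
path = /mnt/share
create mask = 0774
directory mask = 0774

[share_fixed]
path = /mnt/share
create mask = 664
force create mode = 664
directory mask = 2775
force directory mode = 2775
"""

def effective_mode(requested, mask, force):
    """The mask is ANDed with the mapped mode, then the force mode is ORed in."""
    return (requested & mask) | force

def audit_share(conf_text, share):
    """Report which bits new files/dirs always get and which they can ever get."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    opt = {k: int(cp[share].get(k, fallback=d), 8) for k, d in DEFAULTS.items()}
    report = {}
    for kind, m, f in (("file", "create mask", "force create mode"),
                       ("dir", "directory mask", "force directory mode")):
        always = effective_mode(0o0000, opt[m], opt[f])   # set whatever the client asks
        at_most = effective_mode(0o7777, opt[m], opt[f])  # upper bound on any new entry
        report[kind] = {
            "always": oct(always), "at_most": oct(at_most),
            "group_write_guaranteed": bool(always & 0o020),
            "world_write_possible": bool(at_most & 0o002),
        }
        if kind == "dir":
            report[kind]["setgid_guaranteed"] = bool(always & 0o2000)
    return report

if __name__ == "__main__":
    for name in ("share", "share_fixed"):
        print(name, audit_share(SAMPLE, name))
```

With masks alone, group write on a new entry depends on the mode the client request maps to; adding the `force` modes pins it. Neither variant lets a new entry become world-writable.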