Samba with OSX

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Sep 19 15:59:56 UTC 2011


Hello

This is just an FYI.  For months, I have been hunting for a random
permission issue for which I think I have finally found a solution.  Just
want to share; it may help someone in the group in the future.

Samba version 3.2.5
Debian GNU/Linux 5.0

A little bit about the setup.  The Samba server hosts both private
and shared folders.  User authentication is through OpenLDAP running
on another box.  The private shares never have problems, but once in a
while, I do get reports that users in a group cannot access a file
that was created by one of the group members.  On checking, I notice
that samba has disregarded the share

For example

drwx------  9 jroberts creative  146 2010-11-29 09:58 BBC Earth wallpapers

As you can see, only Robert, who created this directory, can now
read/write to it despite the fact it should be owned by the whole
group.  That is odd since the share is set up as follows:


[creative]
path = /home/creative
read only = no
guest ok = no
printable = no
comment =  File Share for creative team
create mask = 0660
directory mask = 0660
force create mode = 0660
force directory mode = 0660
writable = yes
browsable = yes
# Me trying to figure out what's going on
preexec = "echo preexec %T u.g=%u.%g, U.G=%U.%G >> /root/samba_permission.log"
force group = creative
valid users = @creative

From the above, you would assume Samba would respect the create mode
configuration, so it left me scratching my head when I saw the file
with the wrong permissions.

It turns out that if Samba was set up with "unix extensions = yes", all
the above is ignored and the client can use whatever permission it
feels like to create the file.  I have now disabled it, but the
question is, why did Samba provide this facility? Isn't it a security
risk? I really do not get it.

Anyway, I will see if it gets better going forward

Thanks and great week

William
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
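
Added example (not part of the original post, and not Samba project code): a
small smb.conf audit that flags shares relying on create/directory masks while
"unix extensions" is in effect, the combination the post reports as letting the
client choose its own permissions. The function names and the sample text are
constructed here; treating an unset "unix extensions" as yes is an assumption
based on the Samba 3.x default.

```python
import re

# smb.conf parameter names ignore case and embedded spaces, so compare normalized.
MASK_KEYS = ("createmask", "directorymask", "forcecreatemode", "forcedirectorymode")

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {normalized_param: value}}."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # values may contain '=' (e.g. preexec)
            current["".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return [(share, [mask params])] for shares whose masks a client can bypass."""
    conf = parse_smb_conf(text)
    # Assumption: an unset "unix extensions" means yes (the Samba 3.x default).
    setting = conf.get("global", {}).get("unixextensions", "yes")
    if setting.lower() not in ("yes", "true", "1"):
        return []
    return [(share, [k for k in MASK_KEYS if k in params])
            for share, params in conf.items()
            if share != "global" and any(k in params for k in MASK_KEYS)]

# Constructed sample: lines of the [creative] share as quoted in the post.
SHARE = """\
[creative]
    path = /home/creative
    create mask = 0660
    directory mask = 0660
    force create mode = 0660
    force directory mode = 0660
    preexec = "echo preexec %T u.g=%u.%g, U.G=%U.%G >> /root/samba_permission.log"
    force group = creative
    valid users = @creative
"""

if __name__ == "__main__":
    print("default global:", audit(SHARE))
    print("extensions off:", audit("[global]\nunix extensions = no\n" + SHARE))
```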




