Peddu_bhanu
asked on
Critical : Samba create mask and dir mask on RHEL 4.8 !!!!!
Hi Experts,
I'm using samba -3.6.1 on Red Hat Enterprise Linux ES release 4 (Nahant Update 8) ,all seems ok. The issue im facing is as follows.
When ever a user creates a file via windows explorer the permissions assgined to the file are as follows
-rw-rwxr--+ 1 tom group2 0 Mar 9 10:02 testfile
drwxrwsr-x+ 2 bob group1 4096 Mar 9 10:38 testdir
Im ok with the directory permissions but would like the file permissions to be 644, following are my smb.conf ( create mask ) details
create mask = 0644
force create mode = 0644
security mask = 0664
force security mode = 0664
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
Also I have Linux ACL's on the shares for as the requirement called for some complexity.
so that only a few users in a group have access to the share.Could you experts help me with suitable mask that i need to use in smb,conf and a little explanation would be appreciated.
Thanks in advance
I'm using samba -3.6.1 on Red Hat Enterprise Linux ES release 4 (Nahant Update 8) ,all seems ok. The issue im facing is as follows.
When ever a user creates a file via windows explorer the permissions assgined to the file are as follows
-rw-rwxr--+ 1 tom group2 0 Mar 9 10:02 testfile
drwxrwsr-x+ 2 bob group1 4096 Mar 9 10:38 testdir
Im ok with the directory permissions but would like the file permissions to be 644, following are my smb.conf ( create mask ) details
create mask = 0644
force create mode = 0644
security mask = 0664
force security mode = 0664
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
Also I have Linux ACL's on the shares for as the requirement called for some complexity.
so that only a few users in a group have access to the share.Could you experts help me with suitable mask that i need to use in smb,conf and a little explanation would be appreciated.
Thanks in advance
Delete all of these:
create mask = 0644
force create mode = 0644
security mask = 0664
force security mode = 0664
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
And replace with these:
create mode = 664
directory mode = 2770
force directory mode = 2770
inherit permissions = yes
Also try to avoid Linux ACL's because they hurt performance.
I have found better to create a single share where all users can enter read-only (since they belong, say to smbusers group) then create a directory for each group.
say, accounting: accounting users will need to be part of smbusers,accounting groups, and you give permissions 2770 to the accounting directory.
With this, I have been able to sort-out the need of ACL's until today.
See:
SHARE/
+ Accounting
+ Engineering
+ Accounting-Engineering
+ Shared
(The shared directory has files older than 1 days been deleted daily. I do not allow files on shared as it is only for passing files)
Hope you get the idea.
create mask = 0644
force create mode = 0644
security mask = 0664
force security mode = 0664
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
And replace with these:
create mode = 664
directory mode = 2770
force directory mode = 2770
inherit permissions = yes
Also try to avoid Linux ACL's because they hurt performance.
I have found better to create a single share where all users can enter read-only (since they belong, say to smbusers group) then create a directory for each group.
say, accounting: accounting users will need to be part of smbusers,accounting groups, and you give permissions 2770 to the accounting directory.
With this, I have been able to sort-out the need of ACL's until today.
See:
SHARE/
+ Accounting
+ Engineering
+ Accounting-Engineering
+ Shared
(The shared directory has files older than 1 days been deleted daily. I do not allow files on shared as it is only for passing files)
Hope you get the idea.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have solved the issue by setting normal ACL's at the top hierarchy and setting default ACL's on the sub directories as per my requirement.
Have you tried:
security mask = 0644
force security mode = 0644
Also check the umask settings that the user has (typically 0022 which creates files of -rw-r--r-- and directories of drwxr-xr-x).
http://www.unix.com/tips-tutorials/19060-unix-file-permissions.html
Have you rebooted the Windows machine after you've made changes in the Samba setup? Might help.
Regards, Tobias