Configuring Samba to set file permissions

Posted on 2004-03-24
Last Modified: 2010-03-18

I have set up a Samba on my Slackware 9.1-homeserver. I've got the shares working and hopefully the system secured enough. I have a share /data, which is owned by user winguest (root group), that is used only for samba-sharing. I am connecting to the server using my home networks two computers, both with Windows XP Pro.

The problem is, I cannot get the file permissions right for files copied to the share; when I am copying files from the workstations to server, I'd like to set their permissions on the server on the fly. I would like them to be 775 (full control for user & group, no write-access for others), but they seem to change from file to file, and never be the wanted ones. I have tried to read some manuals, man- and webpages, but just can't seem to get them working. The filepermissions in Windows seem to affect to the new permissions in the server. I can get some change in the permissions, but not the wanted one! Here's a clip from my config-file:

   path = /data
   read only = no
   writable = yes
   public = yes
;   create mask = 775
;   directory mask = 775
   force create mask = 001
   force directory mask = 001

I have tried with create mask and force create mask, and even with both (though, I guess atleast THAT is wrong). I have also tried using security mask and force security mask, but can't get them to affect quite anything. I have also tried with very many combinations of permission masks for (force) create/directory masks.

Can anyone please tell me, is this what I am trying to do even possible, and if so, HOW I could achieve it? Thank you! :)
Question by:petrrrr
  • 2
  • 2
LVL 17

Expert Comment

ID: 10672607
I would guess that samba has to follow the permissions on the linux box. Have a look at the default umask settings on your linux box.
LVL 40

Expert Comment

ID: 10677879
For that you'd want:

   create mode = 0664
   directory mode = 0775
for Samba shares. That causes the creation of files directories to be readable writable by user & group and readable by other (world).

Author Comment

ID: 10678531
A little more information for the problem: Using those masks jlevie suggested works just fine, I get a 664-permissions, but is it possible to also set the execute-bits for everyone, to get the 755-permissions? When I set the mask as 775, the created files will get 764-permissions; group and world lose the execute-bit! I'm starting to wonder, is it even possible to set those two bits!?
LVL 40

Accepted Solution

jlevie earned 125 total points
ID: 10680889
I've never tried to have Samba set a file mode of 755, so I don't know it that's possible. From what you describe it sounds like Samba may restrict executable status to the user on newly created files. From a security view I can see where that would be desireable.

Why would you want all files created by a windows box to be 755. The safe thing would be for them to be created as 644 and if they need to be executed  from Linux the owner of the file should specifically change the mode of those files that should be executable.

Author Comment

ID: 10687294
Yeah, I beginning to think so too. And in fact, when i think of it, maybe I can live without the execute-bit. :)

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fsstat very high only on nfs client side rhel 10 102
Linux neworking 4 95
IPA complaining about DNS but DNS looks good.... 2 114
Cron jobs 12 128
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now