[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Configuring Samba to set file permissions

Posted on 2004-03-24
Medium Priority
Last Modified: 2010-03-18

I have set up a Samba on my Slackware 9.1-homeserver. I've got the shares working and hopefully the system secured enough. I have a share /data, which is owned by user winguest (root group), that is used only for samba-sharing. I am connecting to the server using my home networks two computers, both with Windows XP Pro.

The problem is, I cannot get the file permissions right for files copied to the share; when I am copying files from the workstations to server, I'd like to set their permissions on the server on the fly. I would like them to be 775 (full control for user & group, no write-access for others), but they seem to change from file to file, and never be the wanted ones. I have tried to read some manuals, man- and webpages, but just can't seem to get them working. The filepermissions in Windows seem to affect to the new permissions in the server. I can get some change in the permissions, but not the wanted one! Here's a clip from my config-file:

   path = /data
   read only = no
   writable = yes
   public = yes
;   create mask = 775
;   directory mask = 775
   force create mask = 001
   force directory mask = 001

I have tried with create mask and force create mask, and even with both (though, I guess atleast THAT is wrong). I have also tried using security mask and force security mask, but can't get them to affect quite anything. I have also tried with very many combinations of permission masks for (force) create/directory masks.

Can anyone please tell me, is this what I am trying to do even possible, and if so, HOW I could achieve it? Thank you! :)
Question by:petrrrr
  • 2
  • 2
LVL 17

Expert Comment

ID: 10672607
I would guess that samba has to follow the permissions on the linux box. Have a look at the default umask settings on your linux box.
LVL 40

Expert Comment

ID: 10677879
For that you'd want:

   create mode = 0664
   directory mode = 0775
for Samba shares. That causes the creation of files directories to be readable writable by user & group and readable by other (world).

Author Comment

ID: 10678531
A little more information for the problem: Using those masks jlevie suggested works just fine, I get a 664-permissions, but is it possible to also set the execute-bits for everyone, to get the 755-permissions? When I set the mask as 775, the created files will get 764-permissions; group and world lose the execute-bit! I'm starting to wonder, is it even possible to set those two bits!?
LVL 40

Accepted Solution

jlevie earned 500 total points
ID: 10680889
I've never tried to have Samba set a file mode of 755, so I don't know it that's possible. From what you describe it sounds like Samba may restrict executable status to the user on newly created files. From a security view I can see where that would be desireable.

Why would you want all files created by a windows box to be 755. The safe thing would be for them to be created as 644 and if they need to be executed  from Linux the owner of the file should specifically change the mode of those files that should be executable.

Author Comment

ID: 10687294
Yeah, I beginning to think so too. And in fact, when i think of it, maybe I can live without the execute-bit. :)

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question