Solved

Configuring Samba to set file permissions

Posted on 2004-03-24
5
547 Views
Last Modified: 2010-03-18
Hi!

I have set up a Samba on my Slackware 9.1-homeserver. I've got the shares working and hopefully the system secured enough. I have a share /data, which is owned by user winguest (root group), that is used only for samba-sharing. I am connecting to the server using my home networks two computers, both with Windows XP Pro.

The problem is, I cannot get the file permissions right for files copied to the share; when I am copying files from the workstations to server, I'd like to set their permissions on the server on the fly. I would like them to be 775 (full control for user & group, no write-access for others), but they seem to change from file to file, and never be the wanted ones. I have tried to read some manuals, man- and webpages, but just can't seem to get them working. The filepermissions in Windows seem to affect to the new permissions in the server. I can get some change in the permissions, but not the wanted one! Here's a clip from my config-file:

[data]
   path = /data
   read only = no
   writable = yes
   public = yes
;   create mask = 775
;   directory mask = 775
   force create mask = 001
   force directory mask = 001

I have tried with create mask and force create mask, and even with both (though, I guess atleast THAT is wrong). I have also tried using security mask and force security mask, but can't get them to affect quite anything. I have also tried with very many combinations of permission masks for (force) create/directory masks.

Can anyone please tell me, is this what I am trying to do even possible, and if so, HOW I could achieve it? Thank you! :)
0
Comment
Question by:petrrrr
  • 2
  • 2
5 Comments
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 10672607
I would guess that samba has to follow the permissions on the linux box. Have a look at the default umask settings on your linux box.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10677879
For that you'd want:

   create mode = 0664
   directory mode = 0775
 
for Samba shares. That causes the creation of files directories to be readable writable by user & group and readable by other (world).
0
 

Author Comment

by:petrrrr
ID: 10678531
A little more information for the problem: Using those masks jlevie suggested works just fine, I get a 664-permissions, but is it possible to also set the execute-bits for everyone, to get the 755-permissions? When I set the mask as 775, the created files will get 764-permissions; group and world lose the execute-bit! I'm starting to wonder, is it even possible to set those two bits!?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 10680889
I've never tried to have Samba set a file mode of 755, so I don't know it that's possible. From what you describe it sounds like Samba may restrict executable status to the user on newly created files. From a security view I can see where that would be desireable.

Why would you want all files created by a windows box to be 755. The safe thing would be for them to be created as 644 and if they need to be executed  from Linux the owner of the file should specifically change the mode of those files that should be executable.
0
 

Author Comment

by:petrrrr
ID: 10687294
Yeah, I beginning to think so too. And in fact, when i think of it, maybe I can live without the execute-bit. :)
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now