Configuring Samba to set file permissions

Posted on 2004-03-24
Last Modified: 2010-03-18

I have set up a Samba on my Slackware 9.1-homeserver. I've got the shares working and hopefully the system secured enough. I have a share /data, which is owned by user winguest (root group), that is used only for samba-sharing. I am connecting to the server using my home networks two computers, both with Windows XP Pro.

The problem is, I cannot get the file permissions right for files copied to the share; when I am copying files from the workstations to server, I'd like to set their permissions on the server on the fly. I would like them to be 775 (full control for user & group, no write-access for others), but they seem to change from file to file, and never be the wanted ones. I have tried to read some manuals, man- and webpages, but just can't seem to get them working. The filepermissions in Windows seem to affect to the new permissions in the server. I can get some change in the permissions, but not the wanted one! Here's a clip from my config-file:

   path = /data
   read only = no
   writable = yes
   public = yes
;   create mask = 775
;   directory mask = 775
   force create mask = 001
   force directory mask = 001

I have tried with create mask and force create mask, and even with both (though, I guess atleast THAT is wrong). I have also tried using security mask and force security mask, but can't get them to affect quite anything. I have also tried with very many combinations of permission masks for (force) create/directory masks.

Can anyone please tell me, is this what I am trying to do even possible, and if so, HOW I could achieve it? Thank you! :)
Question by:petrrrr
  • 2
  • 2
LVL 17

Expert Comment

ID: 10672607
I would guess that samba has to follow the permissions on the linux box. Have a look at the default umask settings on your linux box.
LVL 40

Expert Comment

ID: 10677879
For that you'd want:

   create mode = 0664
   directory mode = 0775
for Samba shares. That causes the creation of files directories to be readable writable by user & group and readable by other (world).

Author Comment

ID: 10678531
A little more information for the problem: Using those masks jlevie suggested works just fine, I get a 664-permissions, but is it possible to also set the execute-bits for everyone, to get the 755-permissions? When I set the mask as 775, the created files will get 764-permissions; group and world lose the execute-bit! I'm starting to wonder, is it even possible to set those two bits!?
LVL 40

Accepted Solution

jlevie earned 125 total points
ID: 10680889
I've never tried to have Samba set a file mode of 755, so I don't know it that's possible. From what you describe it sounds like Samba may restrict executable status to the user on newly created files. From a security view I can see where that would be desireable.

Why would you want all files created by a windows box to be 755. The safe thing would be for them to be created as 644 and if they need to be executed  from Linux the owner of the file should specifically change the mode of those files that should be executable.

Author Comment

ID: 10687294
Yeah, I beginning to think so too. And in fact, when i think of it, maybe I can live without the execute-bit. :)

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question