well … at the local level, I was able to inherit the correct permissions of the parent folder
and everything works fine !!!
enabling either the ACL that mounting the home with bindfs
What I can not understand is how to do the same thing that I do at the local level, but with SAMBA,
namely:
I need to inherit the permissions of “/home/localShared” (smb://Netbook/Shared)
I tried with bindfs, but it does not work
I tried with smb.conf’s permissions and ACLs, but it does not work
I tried to change the “/home” permissions in 777 of the file “/etc/permission”
I try to change the permissions of the following files?
/etc/permission.easy, /etc/permission.local, /etc/permission.secure, /etc/permission.paranoid
the way … to change the permissions of APPARMOR is the right one?
if so, to what folder you need to change the permissions samba Directory to inherit the permissions you want?
if so, in the APPARMOR files, for which path I need to change the permissions?
Samba applies a mask to files and directories created inside a share. The default is 0744 for files and 0755 for directories. You can change that with create mask and directory mask share’s parameters, respectively.
For your problem, you should set the inherit permissions share parameter to true in smb.conf. Note that the inherit permissions parameter overrides create mask, directory mask, force create mode and force directory mode:
You may also be interested in the inherit owner share parameter:
Hi, thank you very much for your help (openSUSE13.1, kde 4.12)
I think I’ve tried all:
umask logindef, the acl, bindfs suid etc. … etc. …
but the permissions remain the same as those of my “home”
the only thing that comes to mind is AppArmor
In any case, I have attached my smb.conf; maybe it is full of errors
Ciao and thank you!!
AppArmor:
# aa-status
apparmor module is loaded.
29 profiles are loaded.
29 profiles are in enforce mode.
/sbin/klogd
/sbin/syslog-ng
/sbin/syslogd
/usr/lib/apache2/mpm-prefork/apache2
/usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI
/usr/lib/apache2/mpm-prefork/apache2//HANDLING_UNTRUSTED_INPUT
/usr/lib/apache2/mpm-prefork/apache2//phpsysinfo
/usr/lib/dovecot/deliver
/usr/lib/dovecot/dovecot-auth
/usr/lib/dovecot/imap
/usr/lib/dovecot/imap-login
/usr/lib/dovecot/managesieve-login
/usr/lib/dovecot/pop3
/usr/lib/dovecot/pop3-login
/usr/lib/nagios/plugins/check_dhcp
/usr/lib/nagios/plugins/check_ntp_time
/usr/sbin/avahi-daemon
/usr/sbin/dnsmasq
/usr/sbin/dovecot
/usr/sbin/identd
/usr/sbin/mdnsd
/usr/sbin/nmbd -----> ???
/usr/sbin/nscd
/usr/sbin/ntpd
/usr/sbin/smbldap-useradd -----> ???
/usr/sbin/smbldap-useradd///etc/init.d/nscd -----> ???
/usr/sbin/winbindd
/usr/{sbin/traceroute,bin/traceroute.db}
/{usr/,}bin/ping
0 profiles are in complain mode.
8 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
8 processes are unconfined but have a profile defined.
/usr/sbin/avahi-daemon (420)
/usr/sbin/nmbd (5140)
/usr/sbin/nscd (426)
/usr/sbin/ntpd (668)
/usr/sbin/winbindd (564)
/usr/sbin/winbindd (599)
/usr/sbin/winbindd (663)
/usr/sbin/winbindd (664)
smb.conf:
[global]
;============== identity ==============
workgroup = WORKGROUP
netbios name = Netbook
server string = %i_smb_%v
comment = SonyVaio netbook
;============== security ==============
security = user
;=========== name resolution ==========
include = /etc/samba/dhcp.conf
preferred master = yes
local master = yes
os level = 65
wins support = Yes
dns proxy = no
name resolve order = wins bcast lmhosts hosts
domain master = Auto
domain logons = No
;================ users ===============
username map = /etc/samba/smbusers
smb passwd file = /etc/samba/smbpasswd
passdb backend = tdbsam
encrypt passwords = Yes
; define password rules
; password level = Yes
; password level = 2
; invalid users = root
guest account = guest
map to guest = Bad User
usershare allow guests = Yes
; idmap gid = 10000-20000 ...deprecated
; idmap uid = 10000-20000 ...deprecated
;================ hosts ================
hostname lookups = No
hosts allow = 192.168.
hosts deny = ALL EXCEPT 192.168.
interfaces = 192.168.1.0/255.255.255.0 127.0.0.1
; interfaces = eth0 lo
bind interfaces only = Yes
;=============== shares ================
usershare max shares = 100
;============= permissions =============
; create mask = 0755
;================ debug ================
log file = /var/log/samba/samba.%m.log
log level = 3
max log size = 50
debug pid = no
debug uid = no
max log size = 200
;======= performance optimizations ======
winbind enum users = No
winbind enum groups = No
socket options = TCP_NODELAY
;================ scripts ===============
logon home = \\%L\%U\.profile
logon path = \\%L\samba\profiles\%U
logon drive = P:
logon script = netlogon.bat
;=============== printers ===============
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
load printers = yes
; display charset = ISO-8859-15
unix charset = ISO-8859-15
[Homes]
comment = %L/%u_on_%I
path = /home/%u
case sensitive = No
;============== security ==============
available = Yes
browseable = No
valid users = @users
; invalid users = root
guest ok = No
read only = No
follow symlinks = No
veto files = /MyNetwork/groups/Shared/Public/core/cores/lost+found/*Security*/
; prefix allow list =
; prefix deny list =
hide dot files = yes
hide special files = yes
hide unreadable = no
hide unwriteable files = no
strict locking = No
;========= samba permissions ==========
;============ recycle bin =============
vfs objects = recycle
recycle:repository = /home/NetTrash/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:exclude = *.tmp,*.log
recycle:exclude_dir =
recycle:touch = Yes
recycle:maxsize = 20480
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:noversions = *.doc
[Shared]
comment = %L/Shared_on_%I
path = /home/Shared
case sensitive = No
;============== security ==============
available = Yes
browseable = Yes
admin users =
valid users = @users
; invalid users = root
guest ok = No
read only = No
write list = @users guest
read list =
follow symlinks = No
veto files = /MyNetwork/groups/Shared/Public/core/cores/lost+found/*Security*/
; prefix allow list =
; prefix deny list =
hide dot files = yes
hide special files = yes
hide unreadable = no
hide unwriteable files = no
strict locking = No
;========= samba permissions ==========
; force user = guest
force group = users
directory mask = 2774
force directory mode = 2774
create mask = 2774
force create mode = 2774
vfs objects = acl_xattr
acl group control = Yes
acl map full control = Yes
nt acl support = Yes
profile acls = No
map acl inherit = Yes
map archive = no
; force unknown acl user = No
map acl inherit = Yes
inherit acls = Yes
inherit owner = Yes
inherit permissions = Yes
;============ recycle bin =============
vfs objects = recycle
recycle:repository = /home/NetTrash/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:exclude = *.tmp,*.log
recycle:exclude_dir =
recycle:touch = Yes
recycle:maxsize = 20480
recycle:directory_mode = 0770
recycle:subdir_mode = 0700
recycle:noversions = *.doc
I’m not familiar with AppArmor, but by reading the configuration of your SMB share Shared I see that you set inherit permissions to Yes after you have set the file mask and directory mask. In consequence, the values you set for create mask, directory mask, force create mode and force directory mode are overwritten by the permissions of the parent folder.
My recommendation is to delete or deactivate share’s inherit permissions parameter. The values you set for the file mask and directory mask would then be effective.
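An added example, not part of the thread or of Samba: a small Python check for the interaction the replies describe. It parses an smb.conf and reports, per share, mask parameters that are set alongside inherit permissions = yes and parameters assigned more than once (Samba keeps the last assignment). The sample input is constructed from the [Shared] section posted above; the function names are hypothetical and parameter synonyms are not handled.

```python
# Parameters the reply above lists as overridden by "inherit permissions".
# Names are stored without spaces: Samba ignores case and whitespace in them.
MASK_PARAMS = ("createmask", "directorymask", "forcecreatemode", "forcedirectorymode")

def parse_smb_conf(text):
    """Return {section: [(param, value, line_no), ...]}, keeping every assignment."""
    sections, current = {}, None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            name = "".join(name.lower().split())  # "Create Mask" -> "createmask"
            sections[current].append((name, value.strip(), line_no))
    return sections

def lint_share(params):
    """Return (kind, param, line_a, line_b) findings for one share."""
    findings, value_of, line_of = [], {}, {}
    for name, value, line_no in params:
        if name in line_of:                       # assigned earlier in this share
            findings.append(("duplicate", name, line_of[name], line_no))
        value_of[name], line_of[name] = value, line_no   # last assignment wins
    if value_of.get("inheritpermissions", "no").lower() in ("yes", "true", "1"):
        for name in MASK_PARAMS:
            if name in value_of:
                findings.append(("overridden", name, line_of[name],
                                 line_of["inheritpermissions"]))
    return findings

# Constructed sample: an excerpt of the [Shared] section posted in the thread.
SAMPLE = """\
[Shared]
directory mask = 2774
create mask = 2774
vfs objects = acl_xattr
inherit permissions = Yes
vfs objects = recycle
"""

if __name__ == "__main__":
    for share, params in parse_smb_conf(SAMPLE).items():
        for kind, name, a, b in lint_share(params):
            print(f"[{share}] {kind}: {name} (lines {a} and {b})")
```

On the sample, the second vfs objects line is reported as a duplicate, so only recycle would be loaded and acl_xattr would not.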