When you configure Samba, I have ignored implementation parameters
create mode = 0777
directory mode = 0777
force create mode = 0777
force directory mode = 0777
force security mode = 0777
I decided to put the rights to the folder chmod 1777, after it is all the files are created with permissions 777, if the return chmod 0777, they also created 777.
If you change the mode in samba, they continue to be created with 777 rights, while ignoring the rights of Samba.
Directory to the directory on my samba is on a separate partition which is mounted on LVM/ext3 UUID in /var/data
Tried to mount with the bsdgroups, did not help.
ACL, I just can not get to work, publish below the exemplary configuration samba, some with the settings in Centos and Gentoo and it works.
[global]
bind interfaces only = yes
interfaces = eth0 eth1 lo
smb ports = 445 139
hosts deny = all
hosts allow = 10.14., 127.
workgroup = HIMERA
netbios name = alfa
server string = alfa himera Server
security = user
os level = 255
local master = yes
preferred master = yes
domain master = no
wins support = no
dns proxy = no
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = no
guest account = nobody
encrypt passwords = yes
passdb backend = tdbsam
unix charset = utf8
dos charset = cp1251
display charset = 1251
log file = /var/log/samba/%m.log
create mask = 0777
directory mask = 0777
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /var/data/share/himera/users/
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /var/data/share/himera/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[himera]
comment = himera
path = /var/data/share/himera/sec/
writable = yes
printable = no
valid users = @himera
force group = himera
force user = icce
create mode = 0777
directory mode = 0777
force create mode = 0777
force directory mode = 0777
force security mode = 0777
>
> Hi, I installed OpenSuse 11.1.
>
> When you configure Samba, I have ignored implementation parameters
> create mode = 0777
> directory mode = 0777
> force create mode = 0777
> force directory mode = 0777
> force security mode = 0777
>
> I decided to put the rights to the folder chmod 1777, after it is all
> the files are created with permissions 777, if the return chmod 0777,
> they also created 777.
>
> If you change the mode in samba, they continue to be created with 777
> rights, while ignoring the rights of Samba.
>
> Directory to the directory on my samba is on a separate partition which
> is mounted on LVM/ext3 UUID in /var/data
>
> Tried to mount with the bsdgroups, did not help.
>
> ACL, I just can not get to work, publish below the exemplary
> configuration samba, some with the settings in Centos and Gentoo and it
> works.
>
>
> Code:
> --------------------
> [global]
> bind interfaces only = yes
> interfaces = eth0 eth1 lo
> smb ports = 445 139
> hosts deny = all
> hosts allow = 10.14., 127.
> workgroup = HIMERA
> netbios name = alfa
> server string = alfa himera Server
> security = user
> os level = 255
> local master = yes
> preferred master = yes
> domain master = no
> wins support = no
> dns proxy = no
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> map to guest = Bad User
> logon path = \%L\profiles.msprofile
> logon home = \%L%U.9xprofile
> logon drive = P:
> usershare allow guests = no
> guest account = nobody
> encrypt passwords = yes
> passdb backend = tdbsam
> unix charset = utf8
> dos charset = cp1251
> display charset = 1251
> log file = /var/log/samba/%m.log
These next two belong in your shares not the global section.
If placed here they apply to all shares.
> create mask = 0777
> directory mask = 0777
>
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
>
> [profiles]
> comment = Network Profiles Service
> path = %H
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
>
> [users]
> comment = All users
> path = /var/data/share/himera/users/
> read only = No
> inherit acls = Yes
> veto files = /aquota.user/groups/shares/
>
> [groups]
> comment = All groups
> path = /var/data/share/himera/groups
> read only = No
> inherit acls = Yes
>
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
> [himera]
> comment = himera
> path = /var/data/share/himera/sec/
> writable = yes
> printable = no
> valid users = @himera
> force group = himera
> force user = icce
> create mode = 0777
> directory mode = 0777
> force create mode = 0777
> force directory mode = 0777
> force security mode = 0777
> --------------------
>
TuLiss;
I’m not sure I really understand your question, perhaps you need to describe
in a bit more detail. With that said let me explain a bit about the
mode/mask parameters.
“create mode” and “create mask” are synonyms. The values assigned are Bit
wise ANDed into the permission of files being created. There is not much use
to have “create mode = 0777” it only removes the SUID,SGID and Sticky bits.
This also applies to “directory mode” and “directory mask” except these are
applied to the directory permissions rather than file permissions.
The value assigned to “force create mode” is Bit wise ORed into the
permissions after applying the mask. It applies to the files that are
created. Similarly for “force directory mode” except it applies to
directories that are created not files.
“force security mode” acts much like the “force create mode” the value is
ORed into the permissions manipulated on a Windows machine. This controls
how you can modify the permissions from Windows.
None of these parameters belong in the Global section. Put them in each
share. To find out what values you have effectively assigned try:
testparm -v /etc/samba/smb.conf
–
P. V.
“We’re all in this together, I’m pulling for you.” Red Green