The Samba-Bugzilla – Bug 1570
force create mode issue
Last modified: 2005-02-07 08:49:28 UTC
Dear Samba Team,
I'd like to report a Samba new file permissions problem for which I found
dozens of support requests on the net without any useful replies.
Hopefully, this helps identify the root cause of this issue which also seems
to occur with new Samba versions 3.0.x.
In our domain we operate a file server under Samba 2.2.8a as PDC. Overall we
are delighted with Samba and extend many thanks and compliments to the team.
There is just this tiny isssue with new file permissions:
1. PDC »maestro« hosts 2 Samba shares named »parent« and »child« which are set
create mode = 0770
force create mode = 0660
directory mode = 0770
force directory mode = 0770
2. The Linux permissions on both directories »parent« and »child« are:
drwxrwx--- root users i.e. members of the users group have rwx permissions.
3. On our Windows NT and XP clients we have mapped the »parent« share to
network drive X:
4. If user »otto« who is a member of the users group accesses the »child«
share via »X:\child« and creates a new file or directory, the new
file/directory permissions are set to:
-rwxr--r-- otto users or drwxr-xr-x otto users
This agrees with the Samba default »create mode 755« but is not not what we
expect considering the »create mode« and »force create mode« settings
of »child« share.
5. Now, if user »otto« accesses the »child« share via »\\maestro\child« and
creates a new file or directory the permissions are set to:
-rw-rw---- otto users or drwxrwx--- otto users
This is what we want.
From above it appears that with regard to new file permissions Samba
distinguishes between the two different access paths to the »child« share,
i.e. »X:\child« or »\\maestro\child«
behavior is by design.
Use filesystem ACLs and 'inherit acls = Yes' for the parent share and adjust
your filesystem permissions on the child directory. Use default ACLs for your
filesystem instead of the force and mask options on the Samba applicaztion level.
See http://acl.bestbits.at/ for details about Linus filesystem ACLs.
There is also an article in the SuSE support database. See