Bug 1570 - force create mode issue
Summary: force create mode issue
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0
Hardware: x86 Windows XP
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-07-29 05:20 UTC by Alex Zounek
Modified: 2005-02-07 08:49 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Zounek 2004-07-29 05:20:39 UTC
Dear Samba Team,

I'd like to report a Samba new file permissions problem for which I found 
dozens of support requests on the net without any useful replies.

Hopefully, this helps identify the root cause of this issue which also seems 
to occur with new Samba versions 3.0.x.

In our domain we operate a file server under Samba 2.2.8a as PDC. Overall we 
are delighted with Samba and extend many thanks and compliments to the team. 
There is just this tiny isssue with new file permissions:

1. PDC »maestro« hosts 2 Samba shares named »parent« and »child« which are set 
up as:

level2 oplocks=no
create mode = 0770
force create mode = 0660
directory mode = 0770
force directory mode = 0770

2. The Linux permissions on both directories »parent« and »child« are:
drwxrwx---  root  users   i.e. members of the users group have rwx permissions.

3. On our Windows NT and XP clients we have mapped the »parent« share to 
network drive X:

4. If user »otto« who is a member of the users group accesses the »child« 
share via »X:\child« and creates a new file or directory, the new 
file/directory permissions are set to:
   -rwxr--r--  otto  users          or          drwxr-xr-x  otto  users
This agrees with the Samba default »create mode 755« but is not not what we 
expect considering the »create mode« and »force create mode« settings 
of »child« share.

5. Now, if user »otto« accesses the »child« share via »\\maestro\child« and 
creates a new file or directory the permissions are set to:
-rw-rw----  otto  users          or          drwxrwx---  otto  users
This is what we want.

From above it appears that with regard to new file permissions Samba 
distinguishes between the two different access paths to the »child« share, 
i.e.   »X:\child«   or    »\\maestro\child«

Best regards,
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:22:20 UTC
behavior is by design.
Comment 2 Lars Müller 2005-02-07 08:49:28 UTC
Use filesystem ACLs and 'inherit acls = Yes' for the parent share and adjust
your filesystem permissions on the child directory.  Use default ACLs for your
filesystem instead of the force and mask options on the Samba applicaztion level.

See http://acl.bestbits.at/ for details about Linus filesystem ACLs.

There is also an article in the SuSE support database.  See