When mounting cifs share in Linux, and creating a new file (using touch etc), the permissions are set to 644, even though the config files attempts to force to 660. [data] comment = Shared Data inherit acls = No path = /home/data read only = No force group = "Domain Users" create mask = 0660 directory mask = 770 force create mode = 0660 force directory mode = 0770 umask seems to affect this behaviour, which is unexpected as Samba should be mangling the umask and/or permission bits when file I/O is carried out via CIFS/SMB. Creation of new directories are working as expected - new dirs have permission bits set to 770.
Disabling unix extensions causes the files to be owned by root:root, with permissions set to -rwxrwSrwx. This seems to be too excessively open.
Jeremy, could you please comment on this one?
When CIFSFS is creating files, it creates the file then sets the mode bits. The problem is you are only restricting the create operation, not the mode setting operation. In order to restrict the mode setting operation, check out the documentation in smb.conf for the parameters: force security mode security mask force directory security mode directory security mask Jeremy.
Thanks Jeremy - you are correct. Managed to fix this by setting these for the share: create mask = 0660 force create mode = 0660 security mask = 000 force security mode = 660 directory mask = 0770 force directory mode = 0770 directory security mask = 000 force directory security mode = 770 What would be nice, is to have a single config option as an alias for this.