Bug 8061 - Regression bug in 3.5.8: "force create mode" not applied when new file created by Linux client
Summary: Regression bug in 3.5.8: "force create mode" not applied when new file create...
Status: NEW
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.5.8
Hardware: All Linux
: P5 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2011-04-05 18:58 UTC by ttseccorp
Modified: 2012-07-03 09:21 UTC (History)
3 users (show)

See Also:

Level 10 log of a "touch test" from the client (137.95 KB, text/plain)
2011-05-16 08:37 UTC, Daniel Bruckhaus
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description ttseccorp 2011-04-05 18:58:38 UTC
In 3.5.8, when a Linux client creates a new file, "force create mode" is not correctly applied.  Using the same configuration, it works correctly in 3.5.7.


	comment = Data
	path = /shared/data
	valid users = @shared
        force user = shared
	force group = shared
	read only = No
	create mask = 0770
	force create mode = 0660
	directory mask = 0770
	force directory mode = 0770
	browseable = No
	force security mode = 0660
	security mask = 0770
	force directory security mode = 0770
	directory security mask = 0770 

Using the above configuration, when a Linux client creates a new file, it gets permissions of 640 instead of 660.  In 3.5.7, it correctly gets permissions of 660.

unix extensions is enabled by default.

Client is using smbclient 3.5.8 and cifs-utils 4.9.
The only cifs mount option used by the client is noatime.

I have downgraded to 3.5.7 for now because of this issue.
Comment 1 Jeremy Allison 2011-04-05 19:06:37 UTC
Can you attach a wireshark trace of this activity from the client, as well as the associated debug level 10 log that show this please ?


Comment 2 Daniel Bruckhaus 2011-05-16 08:31:04 UTC
Has there been any progress on this one?

I have the exact same problem on:

Server: Slackware 13.1 - Samba 3.5.8
Client: Ubuntu 10.04 - Samba 3.4.7
Comment 3 Daniel Bruckhaus 2011-05-16 08:37:38 UTC
Created attachment 6446 [details]
Level 10 log of a "touch test" from the client

I did a sequence of "touch test{1,2,3,..}" on the client; this log starts several seconds before and ends several seconds after the "touch". 

All touch commands result in a "Permission denied" error on the client. However, the file is created, but with mode 0646 instead of 0666. 

As you see, the "others" part of the mode is properly set, only group permissions seem broken.
Comment 4 BT 2012-04-26 01:36:54 UTC

Thank you for the email.

I've now set "directory mask = 0000" and "force directory mode = 0000". New directories are now created with a mode of 020. So it appears that the group write bit is always set regardless of "directory mask" and "force directory mode" options. My guess is that "directory mask" isn't being applied correctly.

If you need any further information, let me know.
Comment 5 BT 2012-04-27 07:11:59 UTC
After some further investigation it appears that the group write bit is coming from the client and not from the directory mask being incorrectly applied as I first thought.

Testing with a Debian 6 client and libsmbclient-3.5.6 (via GNOME), the write bit isn't set. While on the same system using cifs-utils-4.5 the write bit is set. The server is running Gentoo with Samba 3.5.14.
Comment 6 Pierre Berthier 2012-05-15 06:30:07 UTC
I am observing the same problem here as in comment 4 concerning the group write bit.  Using cifs-utils v. 5.0 (Ubuntu 11.10) on the client and samba 3.4.3 on the server (SLES 11 SP1).  A good way to reproduce it is to

1) one the client open a terminal, set the umask to 0077

2) from the client create a file in a directory mounted as a samba share from the server (touch test): the permissions of the file are correct (0600)

3) write something to the file (echo > test): now the permissions are 0620 !)
Comment 7 BT 2012-07-03 09:21:41 UTC
The issue I described in comments 4 and 5 have been fixed in bug #8972.