I have a Default ACL like this set up on my ext3-Filesystem: sudo setfacl -R -d -m u::rwx,g::rwx,g:privusers:rwx,o::- data getfacl looks like this: # file: data/ # owner: lobo # group: privusers user::rwx group::rwx group:privusers:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:privusers:rwx default:mask::rwx default:other::--- when I now create a directory directly on the filesystem (without samba) the acl is correctly applied and inherited: mkdir test getfacl test # file: test/ # owner: lobo # group: users user::rwx group::rwx group:privusers:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:privusers:rwx default:mask::rwx default:other::--- when I create a file inside this folder in directly on the server, the acl works as expected: touch test/testfile getfacl test/testfile # file: test/testfile # owner: lobo # group: users user::rw- group::rwx #effective:rw- group:privusers:rwx #effective:rw- mask::rw- other::--- but when I create a file on my mounted folder on Windows 7 the acl looks like this: getfacl test/testwindows # file: test/testwindows # owner: grmuser # group: privusers user::rwx group::rwx group:privusers:rwx mask::rwx other::--- so everybody gets unnecessary X-permissions my Samba-Config looks like this: [grmdata] path = /media/grmdata/smbshare public = no comment = grm-files inherit permissions = Yes inherit acls = Yes available = yes browseable = yes guest ok = no writable = yes valid users = grmuser popcorn read list = popcorn vfs objects = /usr/lib/samba/vfs/recycle.so recycle:repository=.recycle recycle:versions=True recycle:touch=True recycle:keeptree=True recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$* recycle:exclude_dir=/tmp|/temp|/cache recycle:directory_mode=750
I have this exact problem: With ACLs enabled, files are being created with mode 0670 despite the create mask being 0660. This results in the ACL 'mask::rwx' and the execute bit being set where it shouldn't be. This bug also appears to be a duplicate of bug 6042. This is a fresh install of Openfiler ESA 2.99.1 running Samba 3.5.6. Here is my samba config as displayed by testparm: [global] workgroup = BETAFIVE realm = BETAFIVE.CO.UK server string = Openfiler NAS security = ADS map to guest = Bad User obey pam restrictions = Yes password server = 192.168.0.40 guest account = ofguest pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 load printers = No os level = 0 local master = No domain master = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template homedir = /mnt/vg0/users/users/%U template shell = /sbin/nologin winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes create mask = 0660 force create mode = 0660 security mask = 0660 directory mask = 0770 force directory mode = 0770 directory security mask = 0770 map archive = No [users] comment = users path = /mnt/vg0/files/users read only = No hosts allow = 192.168.0.0/24 veto files = /*:Zone.Identifier:*/ veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/ Any further details can be provided on request.
*** This bug has been marked as a duplicate of bug 10792 ***