When creating a file in a cifs mounted share, the file is always created with universal rw. I posted this issue to both the samba and samba-technical list but without a response. Here are the details from that post, the commands used and how to reproduce:

----------------------------------------------------------------------------

Whenever a file is created in a cifs mounted share from samba 4.0.3 git (also confirmed on 4.0.2 stable) on a Linux client, it is always created with universal rw no matter what permissions and ACLs are set on the underlying ext4 file system.

I have these shares in smb.conf:

    [home2]
    path = /home2
    read only = No

    [home]
    path = /home2/home
    read only = No

I mount [home] on a Linux client like this:

    mount -t cifs //hh1/home2 /home2 -osec=krb5,rw,multiuser

Here is the output of the mount command:

    //hh1/home2 on /home2 type cifs (rw,relatime,vers=1.0,sec=krb5,cache=loose,unc=\\hh1\home2,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.2,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)

Here are the ACLs on the relevant directories:

    getfacl /home2
    getfacl: Removing leading '/' from absolute path names
    # file: home2
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x

    getfacl /home2/home
    getfacl: Removing leading '/' from absolute path names
    # file: home2/home
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x

    getfacl /home2/home/steve2
    getfacl: Removing leading '/' from absolute path names
    # file: home2/home/steve2
    # owner: steve2
    # group: Domain\040Users
    user::rwx
    group::r-x
    other::r-x

Now, if steve2 logs in and creates a file on the cifs mounted share on the client:

    steve2@hh10:~> touch s2.txt

it is created with universal read write access:

    steve2@hh10:~> ls -l s2.txt
    -rwxrwxrwx+ 1 steve2 Domain Users 0 Feb 1 12:08 s2.txt

    getfacl s2.txt
    # file: s2.txt
    # owner: steve2
    # group: Domain\040Users
    user::rwx
    user:steve2:rwx
    group::rwx
    group:Domain\040Users:rwx
    mask::rwx
    other::rwx

If I log into the fileserver as steve2 (i.e. when it's not mounted), it works fine and files are created as expected:

    -rw-r--r-- 1 steve2 Domain Users 0 Feb 1 11:52 s3.txt

Question: Why does the cifs mounted share always create files with universal rw? What can I do to correct this?

Solved by the security update to 4.0.3 or just installing 4.0.4 over the top. Thanks.
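
An added example, not part of the original report or of Samba: a Python parser for `getfacl` output that lists every ACL entry granting effective write to anyone but the owner, which is one way to find files created on the share while the problem was present. The sample input is constructed from two listings in the report, and the function names are this example's own.

```python
import re

# Constructed sample: two getfacl listings taken from the report above.
SAMPLE = """\
# file: home2/home/steve2
# owner: steve2
# group: Domain\\040Users
user::rwx
group::r-x
other::r-x

# file: s2.txt
# owner: steve2
# group: Domain\\040Users
user::rwx
user:steve2:rwx
group::rwx
group:Domain\\040Users:rwx
mask::rwx
other::rwx
"""

def unescape(name):
    # getfacl prints special characters as \ooo octal escapes (\040 = space)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Map each '# file:' path to its owner, group and ACL entries."""
    files, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# file: "):
            cur = files.setdefault(unescape(line[8:]), {"entries": []})
        elif cur is not None and line.startswith("# "):
            key, _, val = line[2:].partition(": ")
            cur[key] = unescape(val)
        elif cur is not None and line.count(":") >= 2 and not line.startswith("default:"):
            tag, qual, perms = line.split(":", 2)
            cur["entries"].append((tag, unescape(qual), perms[:3]))
    return files

def write_findings(acl):
    """ACL entries granting effective write to anyone other than the owner."""
    mask = next((p for t, _, p in acl["entries"] if t == "mask"), "rwx")
    # the mask caps named users and group entries, but never "other"
    return [f"{t}:{q}" for t, q, p in acl["entries"]
            if t != "mask" and not (t == "user" and q in ("", acl.get("owner")))
            and "w" in p and (t == "other" or "w" in mask)]
```

Feeding it the output of `getfacl -R` on the share's path and printing the paths with a non-empty result gives the list of files whose permissions need resetting after the upgrade.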