I have a small problem with samba which I'm unable to solve, but I honestly expect there to be no solution. When copying files with restrictive permissions from one directory on the share to another, the permissions are also copied and not set to the ones of the parent directory.
In detail, we have a samba share with the following rights:
[Global]
comment = Global Space
path = /home/global
valid users = @users
read only = No
create mask = 0760
directory mask = 0770
force directory mode = 0770
inherit permissions = Yes
I've just read that inherit permissions = Yes disables create mask and directory mask but let's ignore that for a second.
When users create a file on the share, the permissions are set correctly such that everybody can read and modify everybodies files, thanks to inherit permissions. It also works on copying files from windows to samba.
However, in order to complicate things, suppose we have some restricted folders "priv" in some subfolders such as
+ customers
| + customer1
| | + priv
| | | + restricted stuff ...
| | + source
| | | + files etc.
| + customer2
| + source
| + files again
+ other
+ priv
+ doc
+ who cares
which are not readable by normal users, but those in the priv group. Since permissions are inherited and are set correctly in the "priv" directories, files created there are owned by the priv group and not by users. Since the rights are 760 and 770 (for files and directories, resp.), normal users can't read them. We further have a cron job that ensures these rights recursively every night which is acceptable for us.
If we now copy a file from the "priv" directory to another, open directory, normal users are not able to modify it, as the linux rights are also copied. Copying the file to the windows client and back to the share works as intended.
Is there a way to enable this behavior on samba? My system is an Ubuntu 14.04.2 with samba version 4.1.6-Ubuntu.
