1

I have a Samba server with multiples folders, but when user try to create a folder or a file the group permissions are only set to "r" (read), I'm doing something wrong?

My Samba version is 4.3.11-Ubuntu

This is the smb.conf

[COMPANY]
    browsable = yes
    path = /PATH/OTHERPATH
    guest ok = no
    guest only = no
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770
    write list = @GROUP1, @GROUP2
    read list =
    valid users = @GROUP1, @GROUP2
    read only = no

This are the permissions that samba gives to the files and folders that my users create

-rw-r--r--  1   user    GROUP1      0 jul 12 17:43 file
drwxr-xr-x  2   user    GROUP1   4096 jul 12 17:43 folder/

Thanks in advance

Thomas
  • 4,225
  • 5
  • 23
  • 28
  • Are you looking at files in the right share? Have you restarted Samba after setting/changing the definition for [Company]? – roaima Jul 12 '18 at 22:53
  • 1
    Check the System's umask ;) i set mine to 0007 so samba permissions would be those i set in the conf file. – aPugLife Jul 13 '18 at 14:11
  • @roaima Yes, I have changed the file save it and restarted the service a lot now. –  Jul 13 '18 at 14:22
  • @Nihvel I really want to thank you I had a huge headache with this, can you please put this as an answer so I can mark it as a solution. –  Jul 13 '18 at 14:32

1 Answers1

0

As I was saying in the comments below your question, to properly set permissions through Samba you'd have to set the system umask to 0007.

I am not sure if this is the "proper way" for setting up Samba. What I noticed is that the permissions I was giving to the single shares in the Samba conf file were not the same as those created when creating a file into the samba share. Basically, from the system umask, samba was removing the permissions bits and in fact it was creating file under other permissions.

What I did (long time ago) was to tweak the system umask.

In /etc/profile I added

umask 0007

my samba conf file is something like this:

#
# Samba config file
#
# To use with umask 0007
[global]
        server string = %h server (Samba, Ubuntu)
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        deadtime = 45
        socket options = TCP_NODELAY IPTOS_THROUGHPUT
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap config * : range = 
        idmap config * : backend = tdb
        map acl inherit = Yes
        csc policy = documents
#        interfaces = 10.8.0.0/24 tun0 # do you want to serve your Samba over a dedicated network?
#        hosts allow = 10.8.0.0/24 # these rows are what I'd use in the OpenVPN

[User]
  path = /home/samba/user
  valid users = user
  force group = user
  read only = No
  directory mask = 0770
  force directory mode = 0770
  create mask = 0660
  force create mode = 0660
  write cache size = 2621440
  veto oplock files = /*.tmp/
# in this case, only the user User can r/w his own share.

# What if we have a group with more users?
[Group]
  path = /home/samba/group
  valid users = @group
  force group = group
  read only = No
  directory mask = 0770
  force directory mode = 0770
  create mask = 0660
  force create mode = 0660
  write cache size = 2621440
  veto oplock files = /*.tmp/

If the shares have document file, go for csc policy = documents I used this in the GLOBAL configuration.

There might be the case where a shared folder contains executable file (Mostly on Windows systems, like a portable application). In that case, you can use csc policy = programs in the share configuration.

aPugLife
  • 287
  • 1
  • 5
  • 14