Web lists-archives.com

Re: [Samba] Samba 4.6.2 does not inherit setgid bit (anymore)




Hi Vincent,

have you found a solution that makes "force directory mode = 2770" able to apply to new created folders ?

I have a similar problem:

if I set by hand (eg. chmod 2770) the folder A and then I try to create an X element into that folder through samba I get the result needed ( group of X become overriden from parent folder A ) but the problem is that the new element X not honor forced mode discarding into 0770

   A rwxrw*s*---
   A\X    rwxrw*x*---


In many thread this problem appears and frequently the answer is that the group bit can't inherited through linux, but this is not the point because that's true and known, the problem seems that samba simply discard or not manage to apply these sticky bits at all ( at least regarding latest v4.7.4 ), I grabbed from the log following excerpt:

   [2018/01/30 19:05:17.994374,  5, pid=3294, effective(2002158,
   2000513), real(2002158, 0)] ../source3/smbd/dosmode.c:206(unix_mode)
      unix_mode: unix_mode(sharetest/A/X/New folder (10)) returning 02770
   ...
   [2018/01/30 19:05:18.064582,  5, pid=3294, effective(2002158,
   2000513), real(2002158, 0)] ../source3/smbd/dosmode.c:206(unix_mode)
      unix_mode: unix_mode(datatest/A/X/New folder (10)) returning 0770


Another efficient workaround could be to attach a simple script at some samba callback ( eg. file_created() ), but I don't know if exists such feature.

I definitively too need to understand where the problem is because in my scenario I have a C folder readable only by domain users and writable only by some users but when such users create something there new files looks like the following

   C\new_file poweruser    AD\*domain users*    rwx*rwx*---


the problem is that now "all domain users" can go to write where default acl deny that because of the ownership,group together with 77 permission that I need to manage everything through ACLs.

--
Lorenzo Delana |
|
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba