-   Linux - Server (
-   -   Samba: OS X overriding force permissions settings? (

fmillion 11-15-2011 07:37 PM

Samba: OS X overriding force permissions settings?
In reference to my post a few days ago, I gave in and decided to bite the bullet and work with UNIX permissions to implement what I wanted.

Now I face a new problem. Samba doesn't seem to be obeying the "force security mode" option.

Here's the settings for the share in question:


  read only = yes
  path = /nas/tmp
  write list = admin nas
  force group = nas
  inherit permissions = yes
  force security mode = 660
  force directory mode = 0775
  force create mode = 0664
  hide unreadable = yes
  veto files = /lost+found/._*/.DS_Store/.Trashes/._Trashes/
  browseable = no

The folder being shared (/nas/tmp) has permissions drwxrwxr-x and is owned by "admin" and group "nas". All files within the folder structure have group writable permission set. This means I can just create users and add them to group nas to allow them write access to the entire share. It also means I can restrict read or write access on a per-file or per-folder basis.

Now, I connect to this share from Windows and create a folder. If I look at that folder on the server, it indeed was created with permissions drwxrwxr-x as expected.


root [ /nas/tmp ]# ls -l
drwxrwxr-x  2 admin nas      4096 Nov 15 14:46 windows_folder

Enter Mac OS X. When I connect from my Mac to the share as either "nas" or "admin" and create a folder, it's created with permissions drwxr-xr-x. This of course means group nas can't write to that folder.


root [ /nas/tmp ]# ls -l
drwxr-xr-x  2 admin nas      4096 Nov 15 14:47 mac_folder

My goal, obviously, is to force all files created on the server to be writable by the group. This way I can simply set permissions on a folder I don't want accessed to drwx------ and the hide unreadable option will hide the files in question.

Am I missing something - is there a reason I can't get Samba to force files created from OS X to have the permissions I want? My guess is OS X is manipulating the permissions on files directly (it IS unix, after all) and that's why I tried setting force security mode - but it didn't work.



benhanson 11-18-2011 08:42 AM

Try setting
unix extensions = no
before the share

All times are GMT -5. The time now is 03:20 AM.