For years my company has been struggling with permissions in our samba share Projects folder. Some of us use Linux, others WinXP. Whenever one user saves a file from Firefox or Konqueror on his SuSe 10 machine, it defaults 722 octal permissions in the Samba share (we want rw for owner and group on all files in the share).

My analysis of the situation is there are multiple levels of permissions & masks that can occur before it settles in a directory in the share:
1) A program will save with default permissions (example: Firefox)
2) The Linux machine has a umask.
3) fstab on the user's machine can be mounted with switches for default behavior with permissions.
4) Samba applies permissions.

I believe the most efficient way to ensure a certain rule about permissions in the share directory is to configure Samba override all permissions and force creation of file permissions in this share regardless of the samba user's default.

Useful information:
Server: CentOS 5
Samba version 3.0.25b-1.el5_1.4
User computers: SuSe 10 and Debian Lenny
Problem Programs: Firefox, Konqueror
Problem: SuSe or Lenny default permissions are applied when creating a new file even though smb.conf uses force create mode.

Here is the relevant section of smb.conf
#SHARES
[data]
comment = Bulk Data Store
path = /storage/shares/data
read only = No
create mask = 0660
directory mask = 2770
hide unreadable = Yes
browseable = yes
guest ok = no
printable = no
force create mode = 0660
force directory mode = 2770
valid users = @valid-group

Here is a typical fstab entry on the user's computer:
//server/data /data cifs auto,user,file_mode=0775,dir_mode=0775,noacl,noperm,nocase,credentials=/root/mycreds 0 0

From my understanding of smb.conf man entry, that "force create mode" switch should force all files to rw-rw---- permissions regardless of SuSe's umask, Firefox's default permissions, etc.

We are using CentOS 5 on the server. I have noticed that my Debian Lenny machine also saves Firefox downloads with tight permissions.

Does anybody have the golden ticket? I have been searching and have not yet found a clear-cut answer on this. Our networking consultants have not managed to resolve this issue, either.

I am wondering if the create mask and directory mask switches over-ride the force create and force directory switches. It seems as though those directives should not even be present in our smb.conf. We want all permissions to be as if I had written a cron job to chmod 660 -R /storage/shares/data (which seems a bludgeon of a way to do this).

I would greatly appreciate it if somebody explains what's going on, but I would be equally appreciative if somebody could point out some other threads or man pages worth reviewing.

Thanks

Updated tidbit:
I just now noticed that the two Linux computers were using a different workgroup name than the server, and the rest of the Windows machines. Would this have been the source of all my troubles?

Update: Changing all users to the same workgroup did not help.

I had that kind of problem a few years ago. It was solved by using ACLs and default ACLs for the shares/directories. Samba was configured to honour/inherit ACLs. A share for a certain group of people was used with 'chmod g+s' to force all created files into that group. Shares writable for more than one group of people was used with 'chmod g+s' and people had to be a member of a new group for that share/directory. This can be used to circumvent the lack of support for 'group of groups' in samba. At least that was so a few years back.

I have the exact same issue. When I save the file directly from firefox to the samba mount, it makes the permissions -rwx-wx-wx

For some reason removing read access. If I save from firefox to the desktop, then drag and drop to the samba mount (with gnome) everything works fine.

Also if I save directly to the samba mount with Opera, it works properly.

For this reason, it appears to be a firefox issue. But I dont see why samba permissions settings (using create mask or force create mode) would not be able to override this.

Also I tried running chmod g+s on the samba server on the samba share directory. All the files inside disappeared. Bizarre

I just wanted to add that both client and server are running linux.

How did you configure that? I'm not sure exactly what configuration file or program you're referring to that applies 'chmod g+s' to the files.

I can log into the server and do a 'chmod 760 -R /share/directory ' and get results but it's a bit cumbersome to do this every time I start hearing gripes from people in the office about not being able to find files saved by my boss or myself.

I don't want Samba to inherit or honor any ACL's from the user. Every file that is created on the share should be forced to rwxrwx--- so any member of the group has full permissions (or at least rw permissions). Either way, I want this share to define permissions, not the user.

Thanks all for your input so far. Hopefully somebody out there has some insight. It must be something simple, but I have so far come upon a good number of threads in various forums where this question is asked, but no answers are found.