Ubuntu – I cant get samba to set proper permissions on created directories


I have a ubuntu server sharing some folders using samba. When a client creates a new folder or file, the permissions aren't set according to the settings in smb.conf.

My current settings for a specific share:

    path = /mnt/share
    browsable = yes
    guest ok = no
    writable = yes
    read only = no
    create mask = 0774
    directory mask = 0774
    write list = netuser

When a samba client (a windows 7 box) uses the 'netuser' account to create a file or directory, the permissions become

drwxr-sr-- 2 netuser sambashare      4096 2012-01-22 21:14 New folder
-rwxrw-r-- 1 netuser sambashare         0 2012-01-22 21:07 New Text Document.txt

The parent directory has the set group id flag, thus the sambashare group owner. The idea is that both samba users and server users belong to the sambashare group, and thus are to be able to edit, delete, and create files and directories. However, since created folders doesn't have the write flag for group set, server users cant create new files or folders in those folders without sudo.

i have tested adding and removing the directory mask, force directory mode, directory security mode, and the force directory security mode, but the behaviors still remains. Newly created files and folders doesn't get intended 774 permission, but rather 764 and 754 respectively.

What am I missing? Why doesn't samba set the correct permissions?

Best Answer

I think you need to use the following parameters:

# I changes the permissions to rw-rw-r--
# You should be able to change them to 775 if you need the files to
# be executable
create mask = 664
force create mode = 664
security mask = 664
force security mode = 664

# I set the SGID flag here as I thought this is what you wanted
# You could change to 0775
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775

I was looking for a nice explanation of how these settings work, but could not find anything better then man smb.conf

You will have to scroll down a bit for those options.

Basically, in a nutshell, windows permissions are not the same as unix (linux) and it is a bit odd how samba maps permissions.