How do I force specific permissions for new files/folders on Linux file server?

I'm having an issue with my install of Ubuntu 9.10 (file server) and its samba permissions. Logging in and reading works fine. However, creation of new directories by users restricts access for other users. For instance, if Bob (Windows user who maps the drive) creates a folder in the directory, Jane (Mac user that simply smb mounts) can read from it, but can't write to it -- and vice versa. I then must go CHMOD 777 the directory for everyone to be happy. I've tried editing the "create/directory mask", and "force" options in the smb.conf file but this doesn't seem to help.

I'm about to resort to CRONTABing a recursive chmod routine, although I'm sure this isn't the fix. How do I get all new items to always be 777? Does anyone have any suggestions to fix this ever-occurring situation?

Best


Solution 1:

I typically use SAMBA's native functionality for permissions and group management on shares. For example:

force user=user1
force group=sharedgroup
create mask=775

You would specify these settings under the share. Be certain to reload SAMBA after the configuration change, which could be done via the init script.

Solution 2:

Set the permissions on the directory to be 2777, like this:

chmod 2777 /shared/dir

This causes all files and folders under the '/shared/dir' directory to inherit the permissions of the top directory, in this case 777.

Afterwards, do this to make sure all files have the proper permissions:

chmod -R 777 /shared/dir

Solution 3:

I realize this is an old question but I recently had a similar issue and here's how I solved it:

[share]
security mask = 0770
create mask = 0770
force create mode = 0660
comment = Samba share for IT
path = /raid/share
browseable = YES
guest ok = no
write list = root, @"DOMAIN+it_nfs"
force group = DOMAIN+it_nfs

This ensures that users have to be in the "it_nfs" security group in AD, all files will be written with group "it_nfs," and all files will be written with at least 0660 and at most 0770 perms. Forcing the group ID ensures that anybody in that group can read/write the files on the share. Otherwise you end up with situations where a file written as bob:bob can't be written by charlie:charlie, even though both of them are in "it_nfs".
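How the mask and force parameters in a stanza like the one above combine into the mode of a new file or directory, as an added example that is not part of the original answers. It assumes the client requests 0666 for files and 0777 for directories, ignores DOS attribute mapping, "inherit permissions" and ACLs, and uses the smb.conf defaults for unset parameters; GROUP_SHARE and the function names are constructed for illustration.

```python
import configparser

# smb.conf defaults that apply when a share leaves a parameter unset.
DEFAULTS = {"create mask": "0744", "force create mode": "0000",
            "directory mask": "0755", "force directory mode": "0000"}

# The [share] stanza from the answer above, trimmed to the mode-related lines.
ANSWER_SHARE = """\
[share]
security mask = 0770
create mask = 0770
force create mode = 0660
path = /raid/share
force group = DOMAIN+it_nfs
"""

# Constructed variant: same stanza plus explicit directory parameters.
GROUP_SHARE = ANSWER_SHARE + "directory mask = 0770\nforce directory mode = 0770\n"

def effective_modes(conf_text, section):
    """Return (file_mode, dir_mode) for objects newly created in the share."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    opts = {**DEFAULTS, **dict(cp[section])}
    def octal(key):
        return int(opts[key], 8)
    # Assumption: the client requests 0666 for a file and 0777 for a directory.
    # Samba ANDs the request with the mask, then ORs in the force bits.
    file_mode = (0o666 & octal("create mask")) | octal("force create mode")
    dir_mode = (0o777 & octal("directory mask")) | octal("force directory mode")
    return file_mode, dir_mode

def audit(file_mode, dir_mode):
    """Flag the two outcomes discussed on this page."""
    findings = []
    if (file_mode | dir_mode) & 0o002:
        findings.append("world-writable")
    if not dir_mode & 0o020:
        findings.append("new directories not group-writable")
    return findings

if __name__ == "__main__":
    for name, conf in (("answer", ANSWER_SHARE), ("group-scoped", GROUP_SHARE)):
        f, d = effective_modes(conf, "share")
        print(f"{name}: files {f:04o}, dirs {d:04o}, findings {audit(f, d)}")
```

The create mask parameters only govern files; directories follow "directory mask" and "force directory mode", so a stanza that omits them leaves new directories at the 0755 default.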