Samba permissions being ignored

The problem turned out to be the security mode settings within my configuration (or lack there of). The following smb.conf configuration is now working for me and all users within my security group "dev" now have 775 for all files they create within the share:

[development_server]
    comment = Development directories
    path = /sites
    writeable = yes
    valid users = @dev
    guest ok = no

    create mask = 0775
    force create mode = 0775
    security mask = 0775
    force security mode = 0775

    directory mask = 0775
    force directory mode = 0775
    directory security mask = 0775
    force directory security mode = 0775

I found this solution while digging through askubuntu

Check obey PAM restrictions parameter. If enabled Samba will create files with umask restriction for given user.

create mask can only be used to prevent a permission bit to be set, as the mask is bitwise ANDed with the bits the client tried to set. If the mask is set to 7, but the client tries something less, e.g. 6, the client "wins" as 0 AND 1 for the execute bit is 0.

force create mode works the other way around, it will bitwise OR the mode to what the client tries to set, so if you set a 7 here, every bit will end up with x OR 1, which is always 1.

To force the value 0775 regardless of what the client tries to set, you have to combine the two:

create mask = 0770   (0000 would also work)
force create mode = 0775

See the documentation.

A word of warning on testing this problem:

After suffering the same issue I discovered that, in my case at least, it was conditional;

• when I create a file in the samba share using context-menu new-file ('New Text File.txt') it does not set the group-write bit on that file (0750)

• when I create a new file using context-menu new-file and change its name before pressing enter it does set the group-write bit on that file! (0770)

My solution was the one @niziak warned about. Do not use obey PAM restrictions (defaults to no).