[Pkg-samba-maint] Bug#532856: umask settings overridden by Mac OS X 10.5 (Leopard) clients

Josip Rodin joy at debbugs.entuzijast.net
Fri Jun 12 09:27:08 UTC 2009

Package: samba
Version: 2:3.2.5-4lenny2


MacOS 10.5 (Leopard) users seem to have a NetBIOS client that by default
is able to completely override file and directory permissions on Samba
shares. I have the shares set up like this on the server smb.conf:

  path = /srv/Temp
  read only = No
  guest ok = No
  valid users = @users
  write list = @users
  force group = "users"
  create mask = 0775
  security mask = 0775
  force create mode = 0660
  directory mask = 2775
  directory security mask = 2775
  force directory mode = 2771
  case sensitive = No
  inherit permissions = yes
  hide files = :2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/:2eTemporaryItems/Thumbs.db/

This is my final result of experimentation - before, with Samba 3.0,
we did not even have 'security mask', 'force create mode', 'directory
security mask', 'force directory mode', 'inherit permissions' - and
everything worked fine. Now after the upgrade to lenny on the Samba server,
it no longer does for this subset of users.

testparm says the following about that:

        path = /srv/Temp
        valid users = @users
        write list = @users
        force group = "users"
        read only = No
        create mask = 0775
        force create mode = 0660
        security mask = 0775
        directory mask = 02775
        force directory mode = 02771
        directory security mask = 02775
        inherit permissions = Yes
        case sensitive = No
        hide files = :2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/:2eTemporaryItems/Thumbs.db/

Windows XP and Linux clients create files (nearly) as prescribed, for example:

[joy at tokio:/srv/Temp]% smbclient //tokio/Temp
Enter joy's password: 
Domain=[IMAGO] OS=[Unix] Server=[Samba 3.2.5]
smb: \> dir
  .                                   D        0  Wed Jun 10 01:00:01 2009
  ..                                  D        0  Sun Jun  7 17:59:29 2009
  .DS_Store                          AH     6148  Tue Jun  9 11:54:06 2009

                65535 blocks of size 33553920. 4217 blocks available
smb: \> lcd /etc
smb: \> put motd
putting file motd as \motd (11,2 kb/s) (average 11,2 kb/s)
smb: \> mkdir foo
smb: \> exit
[joy at tokio:/srv/Temp]% ls -ld motd foo
drwxrwxr-x 2 joy users  6 2009-06-12 11:18 foo
-rwxrw-r-- 1 joy users 80 2009-06-12 11:15 motd

This is acceptable - I didn't get the setgid bit on directories, but that
would be icing on the cake, and I have 'force group' in effect anyway.
Mac OS X 10.4 'Tiger' clients seem to behave the same.

However, Mac OS X 10.5 'Leopard' users seem to have their default system
umask of 022 magically propagate into the Samba server, and then their dirs
become 0755 and files become either 0644 or even worse (sometimes o-r,
sometimes g-r,g+w!).

Only after we made those users to have umask 002 in their
/etc/launchd.conf files and rebooted them, did their new files start
getting the right permissions on these Samba shares. However, that is
just a workaround, judging by the description in smb.conf(5), the server
never should have let them apply their own umasks in the first place...

I've tried comparing debug logs between different clients at level 5, but
it's pretty hard to decipher much, because there's a fair bit of overhead,
and little in the way of explanation - what I did saw was many of these:

create_file: access_mask = 0x20001 file_attributes = 0x80,
share_access = 0x7, create_disposition = 0x1 create_options = 0x0
oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil),
fname = some/path/._filename.ai

...but then I have to convert these hexadecimal numbers into octal,
and I don't know exactly with what to combine the numbers so as to
get the mask meaning...

Please help. TIA.

     2. That which causes joy or happiness.

More information about the Pkg-samba-maint mailing list