[Pkg-samba-maint] Bug#532856: umask settings overridden by Mac OS X 10.5 (Leopard) clients
Josip Rodin
joy at debbugs.entuzijast.net
Fri Jun 12 09:27:08 UTC 2009
Package: samba
Version: 2:3.2.5-4lenny2
Hi,
MacOS 10.5 (Leopard) users seem to have a NetBIOS client that by default
is able to completely override file and directory permissions on Samba
shares. I have the shares set up like this on the server smb.conf:
[Temp]
path = /srv/Temp
read only = No
guest ok = No
valid users = @users
write list = @users
force group = "users"
create mask = 0775
security mask = 0775
force create mode = 0660
directory mask = 2775
directory security mask = 2775
force directory mode = 2771
case sensitive = No
inherit permissions = yes
hide files = :2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/:2eTemporaryItems/Thumbs.db/
This is my final result of experimentation - before, with Samba 3.0,
we did not even have 'security mask', 'force create mode', 'directory
security mask', 'force directory mode', 'inherit permissions' - and
everything worked fine. Now after the upgrade to lenny on the Samba server,
it no longer does for this subset of users.
testparm says the following about that:
[Temp]
path = /srv/Temp
valid users = @users
write list = @users
force group = "users"
read only = No
create mask = 0775
force create mode = 0660
security mask = 0775
directory mask = 02775
force directory mode = 02771
directory security mask = 02775
inherit permissions = Yes
case sensitive = No
hide files = :2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/:2eTemporaryItems/Thumbs.db/
Windows XP and Linux clients create files (nearly) as prescribed, for example:
[joy at tokio:/srv/Temp]% smbclient //tokio/Temp
Enter joy's password:
Domain=[IMAGO] OS=[Unix] Server=[Samba 3.2.5]
smb: \> dir
. D 0 Wed Jun 10 01:00:01 2009
.. D 0 Sun Jun 7 17:59:29 2009
.DS_Store AH 6148 Tue Jun 9 11:54:06 2009
65535 blocks of size 33553920. 4217 blocks available
smb: \> lcd /etc
smb: \> put motd
putting file motd as \motd (11,2 kb/s) (average 11,2 kb/s)
smb: \> mkdir foo
smb: \> exit
[joy at tokio:/srv/Temp]% ls -ld motd foo
drwxrwxr-x 2 joy users 6 2009-06-12 11:18 foo
-rwxrw-r-- 1 joy users 80 2009-06-12 11:15 motd
This is acceptable - I didn't get the setgid bit on directories, but that
would be icing on the cake, and I have 'force group' in effect anyway.
Mac OS X 10.4 'Tiger' clients seem to behave the same.
However, Mac OS X 10.5 'Leopard' users seem to have their default system
umask of 022 magically propagate into the Samba server, and then their dirs
become 0755 and files become either 0644 or even worse (sometimes o-r,
sometimes g-r,g+w!).
Only after we made those users to have umask 002 in their
/etc/launchd.conf files and rebooted them, did their new files start
getting the right permissions on these Samba shares. However, that is
just a workaround, judging by the description in smb.conf(5), the server
never should have let them apply their own umasks in the first place...
I've tried comparing debug logs between different clients at level 5, but
it's pretty hard to decipher much, because there's a fair bit of overhead,
and little in the way of explanation - what I did saw was many of these:
create_file: access_mask = 0x20001 file_attributes = 0x80,
share_access = 0x7, create_disposition = 0x1 create_options = 0x0
oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil),
fname = some/path/._filename.ai
...but then I have to convert these hexadecimal numbers into octal,
and I don't know exactly with what to combine the numbers so as to
get the mask meaning...
Please help. TIA.
--
2. That which causes joy or happiness.
More information about the Pkg-samba-maint
mailing list