0

I'd like to configure a share on a standalone samba serve where users have rw to their own files, but r to others in the same group (rwx and rx on folders respectively). It works well when users creating new files and directories, but after certain file operations the file becomes rwx for group, which is undesirable.

The share is configured as this:

[share] path = /mnt/asd/bsd read only = yes valid users = @agroup, auser write list = @agroup directory mask = 0755 create mask = 0644 force group = +agroup

Reproduction, share is mounted as a drive on a Windows 8.1 client:

  1. copy a x.jpg into the sare - so far so good, it becomes 644, owned by the user who created it and group is enforced as well
  2. open the .jpg from the share with Windows Photo Viewer, rotate it - after the file gets saved upon closing it becomes mode 674 - too bad
  3. right click > properties > security tab still shows only "read" permission for the group, there's no way to fix this remotely.

The same is happening when I right click the file in Windows and try to edit the permissions.

/ # smbd --version Version 4.2.9

Is it a misconfig, or is there a way to restrict remote file mode changes? Tried to play with masks, or other config options so far no luck.

Improve this question

1 Answer 1

Reset to default
0

Found the solution, it looks like some ACL magic is happening in the background, so samba correctly sets the altered user / group / other unix mode to 7 in order to make sure ACLs are propagated.

So there's nothing to worry about, despite 0674 mode the file is not actually group writable, enforced via ACL.

ACL support could be disabled per share with nt acl support = no.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.