Re: [Samba] Need help with share permissions

2012-10-06 Thread Andreas Oster 
Am 05.10.2012 21:11, schrieb Jeremy Allison:
 Hmmm. The :
 
 force directory mode = 0770
 directory mask = 0770
 
 setting should do the trick. Are you also storing
 the DOS attributes in EA's ? You probably also
 need that to prevent UNIX permission modification.
 
 Try adding:
 
store dos attributes = yes
map readonly = no
map system = no
map hidden = no
map archive = no
 
 and re-test creating a new directory.
 
 Jeremy.
 -- To unsubscribe from this list go to the following URL and read the
 instructions: https://lists.samba.org/mailman/options/samba
Hello Jeremy,

thank you for your reply. Unfortunately these settings did not help.
Directories still will have 0750 permission and now this does not change
to 0770 when doing a renaming. Files will now be created with 0640
instead of 0660.

Here the output of testparm :

[global]
workgroup = MYDOM
realm = MYDOM.DE
server string = %h server (Samba, Ubuntu)
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
max protocol = SMB2
printcap name = cups
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d
template homedir = /shares/homes/%U
template shell = /bin/sh
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config *:range = 1-2
idmap config MYDOM:range = 1-2
idmap config MYDOM:backend = rid
idmap config * : backend = tdb
use client driver = Yes
map archive = No
map readonly = no
store dos attributes = Yes

[homes]
comment = Home Directories
valid users = %S
write list = %S, +MYDOM\Domain Admins
force group = MYDOM\Domain Users
create mask = 0770
directory mask = 0770
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

[Pictures]
comment = Pictures auf TICKSMB3
path = /shares/pictures
valid users = +MYDOM\Pictures, +MYDOM\Domain Admins
force group = MYDOM\Pictures
read only = No
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770

Thank you for your kind help.

best regards

Andreas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Need help with share permissions

2012-10-05 Thread Andreas Oster 
Hello all,

I am struggling to get share permissions to work properly.
I am currently using samba 3.6.3 with AD integration.

I want to force the following permissions:

- created/renamed/copied directories: 0770
- created/renamed/copied files: 0660
- file permissions should not be editable by Windows users.

I have tried a lot of different combinations of parameters but failed to
get the desired permissions. Most of the time I end up with 0660 for
newly created files and 0750 for newly created directories. When I
rename a just created directory permission changes to 0770.

At the moment I have this in my test share:


force group = MYDOM\test
force create mode = 0660
create mask = 0660
force directory mode = 0770
directory mask = 0770


Thank you for your kind help

best regards

Andreas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Need help with share permissions

2012-10-05 Thread Jeremy Allison 
On Fri, Oct 05, 2012 at 03:42:24PM +0200, Andreas Oster wrote:
 Hello all,
 
 I am struggling to get share permissions to work properly.
 I am currently using samba 3.6.3 with AD integration.
 
 I want to force the following permissions:
 
 - created/renamed/copied directories: 0770
 - created/renamed/copied files: 0660
 - file permissions should not be editable by Windows users.
 
 I have tried a lot of different combinations of parameters but failed to
 get the desired permissions. Most of the time I end up with 0660 for
 newly created files and 0750 for newly created directories. When I
 rename a just created directory permission changes to 0770.
 
 At the moment I have this in my test share:
 
 
 force group = MYDOM\test
 force create mode = 0660
 create mask = 0660
 force directory mode = 0770
 directory mask = 0770

Hmmm. The :

force directory mode = 0770
directory mask = 0770

setting should do the trick. Are you also storing
the DOS attributes in EA's ? You probably also
need that to prevent UNIX permission modification.

Try adding:

   store dos attributes = yes
   map readonly = no
   map system = no
   map hidden = no
   map archive = no

and re-test creating a new directory.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba