Samba Security Mask Is Gone
Upgrading to Samba 4, I ran into one problem.
I have multiple users who have write access to my files. No matter who created the file or folder, I want all other users to be able to modify or even delete them.
My users are in the unix group sambashare and I have two ways to ensure that all files and directories belong to the sambashare group.
- setting the guid bit to the parent folder
- by setting
force group = sambasharein
The file permissions (
drwxrwx--- on folders to the group and
-rw-rw---- on files) are ensured by these
inherit permissions = yes create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770
This way all newly created files have the correct permissions. It works fine if they are created on a Windows machine. My macOS is a different beast. It changes the permissions on its own right after creating the files. That's why I relied on theses additional settings:
security mask = 660 force security mode = 660 directory security mask = 770 force directory security mode = 770
Security mask (or the synonym mode) means that these permissions are always enforced. Not only upon creating files but also when the permissions are changed.
Samba 4 has removed theses settings and my macOS started write protecting files to the sambashare group.
I finally found the solution:
unix extensions = no
will prevent POSIX systems like macOS from changing these permissions. Now my permissions stay the way I want them.