Unix & Linux Asked by alex.forencich on December 24, 2020
I am setting up a file server with a shared directory. Inside, there are per-user folders that are readable by any user and a shared directory that is readable and writeable by any user. The per-user folders are simple enough. However, I am having some issues with the shared folder. I performed the standard procedure for making a set GID folder:
# chown root shared
# chmod -R ug+rwX shared
# chgrp -R users shared
# find shared -type d -exec chmod g+s "{}" \;
# find shared -type d -exec setfacl -m "default:group::rwx" "{}" \;
After ensuring all users are in the ‘users’ group, this works perfectly via direct console login, ssh, rsync, etc. However, there are some issues with samba.
With the default samba config, the SGID bit and GID are propagated, but new files and folders do not have the group write bit set. This appears to be because the ACL is being ignored. According to Samba Ignoring POSIX ACLs, the solution is to add vfs objects = acl_xattr to smb.conf. When I set that, the group write permission is correctly set. However, the group is then set to the user’s primary group instead of the group of the parent directory, which rather defeats the purpose of the set GID bit. I tried the other smb.conf adjustments noted in the link (map acl inherit = yes, store dos attributes = yes, and inherit acls = yes), but these had no effect. What’s the proper way to make this work?
To set group, user and permissions for new files and folders, I use this config on the server (in smb.conf):
[shared-folder]
writeable = yes
force user = "user"
force group = "users"
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0755
You could handle the common folder this way, through a separate shared folder.
Note: as pointed out in the comments, this setup may not be compatible with ACLs. I would recommend doing this only if you are going to rely on UNIX permissions only.
Answered by simlev on December 24, 2020
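An added check, not part of the original question or answer: a shell function that audits a shared tree for the three properties the question depends on (setgid on every directory, the expected group on every entry, group write on files and directories). The function name audit_shared and the example path in the comment are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_shared DIR GROUP
#   Prints one line per violation found under DIR; prints nothing if clean.
#   GROUP may be a group name or a numeric GID.
audit_shared() {
    dir=$1
    grp=$2

    # Directories without the setgid bit: entries created below them take
    # the creating user's primary group instead of the parent's group.
    find "$dir" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'

    # Entries whose group is not the shared group.
    find "$dir" ! -group "$grp" | sed 's/^/WRONG_GROUP /'

    # Files and directories other group members cannot write to.
    find "$dir" \( -type f -o -type d \) ! -perm -020 | sed 's/^/NO_GROUP_WRITE /'
}

# Stand-alone use, e.g.: sh audit.sh /srv/files/shared users
# (the path is a placeholder, not taken from the post)
if [ "$#" -eq 2 ]; then
    audit_shared "$1" "$2"
fi
```

Run it after creating a file and a folder through the Samba share: a WRONG_GROUP or NO_GROUP_WRITE line for the new entries shows that the share is not reproducing what the local setgid setup does.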