
Samba shared folder with setgid problem

Unix & Linux Asked by alex.forencich on December 24, 2020

I am setting up a file server with a shared directory. Inside, there are per-user folders that are readable by any user and a shared directory that is readable and writeable by any user. The per-user folders are simple enough. However, I am having some issues with the shared folder. I performed the standard procedure for making a set GID folder:

# chown root shared
# chmod -R ug+rwX shared
# chgrp -R users shared
# find shared -type d -exec chmod g+s "{}" \;
# find shared -type d -exec setfacl -m "default:group::rwx" "{}" \;

After ensuring all users are in the ‘users’ group, this works perfectly via direct console login, ssh, rsync, etc. However, there are some issues with Samba.

With the default samba config, the SGID bit and GID are propagated, but new files and folders do not have the group write bit set. This appears to be because the ACL is being ignored. According to Samba Ignoring POSIX ACLs, the solution is to add vfs objects = acl_xattr to smb.conf. When I set that, the group write permission is correctly set. However, the group is then set to the user’s primary group instead of the group of the parent directory, which rather defeats the purpose of the set GID bit. I tried the other smb.conf adjustments noted in the link (map acl inherit = yes, store dos attributes = yes, and inherit acls = yes), but these had no effect. What’s the proper way to make this work?

One Answer

To set group, user and permissions for new files and folders, I use this config on the server (in smb.conf):

[shared-folder]
   writeable = yes
   force user  = "user"
   force group = "users"
   create mask = 0664
   force create mode = 0664
   directory mask = 0775
   force directory mode = 0755

You could handle the common folder this way, through a separate shared folder.

Note: as pointed out in the comments, this setup may not be compatible with ACLs. I would recommend doing this only if you are going to rely on UNIX permissions only.

Answered by simlev on December 24, 2020
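
A way to check the result after writing test files through each access path (console, ssh, Samba), as an added example that is not part of the original question or answer: it reports directories that lack the setgid bit, entries whose group is not the shared group, and entries without group write. The function name `audit_shared` is hypothetical, and it inspects UNIX mode bits only, not ACL entries.

```sh
#!/bin/sh
# audit_shared DIR GROUP  (hypothetical helper, added example)
# Prints one line per deviation from the layout the question sets up and
# returns 1 if any are found. Only UNIX mode bits are inspected, not ACLs.
audit_shared() {
    dir=$1
    grp=$2
    problems=$(
        # A directory without setgid gives new entries the creator's primary group.
        find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
        # Entries that did not inherit the shared group.
        find "$dir" \( -type f -o -type d \) ! -group "$grp" \
            -exec printf 'wrong-group %s\n' {} \;
        # Entries other group members cannot modify.
        find "$dir" \( -type f -o -type d \) ! -perm -020 \
            -exec printf 'no-group-write %s\n' {} \;
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/shared users
if [ "$#" -eq 2 ]; then
    audit_shared "$1" "$2"
fi
```

Running it once after creating a file and a folder from a Samba client shows directly which of the three properties the current smb.conf breaks.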
