samba: create mask & force create mode cannot set the group write bit

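Tried every combination of create mask and force create mode. No matter what, all created files have "rw-r--r--" instead of "rw-rw-???" (I don't care about the permissions for "others").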

smbd version 4.1.6-Ubuntu (the latest for 14.04)

Here is an excerpt from smb.conf:

    [global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.FQDN
        server string = Файловый сервер %h (%i:%a)
        security = ADS
        allow trusted domains = No
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/%U.%m.log
        max log size = 1000
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind refresh tickets = Yes
        recycle:keeptree = yes
        idmap config * : range = 10000-50000
        idmap config * : schema_mode = rid
        idmap config MYDOMAIN : default = yes
        idmap config MYDOMAIN : cache time = 180
        idmap config MYDOMAIN : backend = rid
        idmap config MYDOMAIN : range = 100000-500000
        idmap config MYDOMAIN : schema_mode = rid
        idmap config * : backend = rid
        valid users = @MYDOMAIN\\acl_rsk30srv042_valid, @MYDOMAIN\acl_rsk30srv042_sd-rw, MYDOMAIN\svc_scan_330-001, MYDOMAIN\sysop, eao\administrator, MYDOMAIN\svc_sadm_330-02
        admin users = MYDOMAIN\svc_scan_330-001, MYDOMAIN\svc_sadm_330-02
        create mask = 0775
        force create mode = 0770
        directory mask = 0775
        force directory mode = 0770
        map acl inherit = Yes
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = recycle, acl_xattr

    [homes]
        comment = %S's personal folder
        path = /home/%D/%U
        valid users = @MYDOMAIN\xall-330
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No
        volume = %U-%S
        vfs objects = recycle:keeptree=yes

    [IPC$]
        path = /etc/samba/fakeIPC
        valid users = "@MYDOMAIN\domain users", @MYDOMAIN\xall-330, @MYDOMAIN\acl_share_330-sov2014, nobody
        guest ok = Yes

    [obmen]
        comment = Common file exchange
        path = /var/samba/obmen
        write list = @MYDOMAIN\acl_rsk30srv042_valid
        force group = MYDOMAIN\xall-330
        read only = No
        force create mode = 0666
        force directory mode = 0666
        guest ok = Yes
        browseable = No
        volume = obmen
        vfs objects = extd_audit, recycle:keeptree=yes

    [secret]
        comment = Depts' folders
        path = /var/samba/secret
        guest ok = Yes

    [053]
        comment = 053 - IT dept
        path = /var/samba/secret/053
        valid users = @MYDOMAIN\acl_share_330-053-rw
        force group = @MYDOMAIN\acl_share_330-053-rw
        read only = No
        guest ok = Yes
        browseable = No
        vfs objects = recycle:keeptree=yes, extd_audit

Folder permissions:

    drwxrwxr-x  2 root   root                          fakeIPC
    drwxrwxrwx  9 nobody MYDOMAIN\xall-330             obmen
    dr-xrwxr-x 36 nobody MYDOMAIN\xall-330             secret
    drwxrwxrwx 17 nobody MYDOMAIN\acl_share_330-053-rw 053

Tried from a Win7 box and from Ubuntu 14.04: same result. Surely something is wrong with samba4... Tried setting

    create mask = 0666
    directory mask = 2775
    force create mode = 774
    force directory mode = 2774

A newly created dir gets the permissions drwxrwsr-x, but a copied file still has -rwxr-xr--

Don't know what to do... My boss is pushing me to move to Windows Server to avoid this...

SOLVED (it seems)

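The problem was the obey pam restrictions parameter. It is off by default, and I don't remember why I turned it on. Part of the Samba config was taken from an old installation; maybe I had a reason to obey there :-)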

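When it is ON, files created by Samba are restricted by the UMASK. I don't know whether that can be corrected through the login defaults (for which user?), but the umask command gives me "0022", which means "u+a g-w o-w".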

Hope this helps someone with a similar problem.