Thursday, December 5, 2013

Samba Share Permission in a Nutshell

In this post I'm writing all the troubles that I faced when setting up samba shares for Windows and MAC, to help novice users get the samba up and running as quickly as possible. Do note that all the tips & tricks shared here is meant to get things up and running quickly, it might create security hole. Use at your own risk and be sure to research more if you are deploying for high security concern mission.

New created folder or copy & paste into samba shared folder do not follow permission set by smb.conf
The key settings are the following (e.g. permissions 775)
  • create mask = 0775
  • force create mode = 0775
  • security mask = 0775
  • force security mode = 0775
  • directory mask = 2775
  • force directory mode = 2775 (If you change this to 0755, it won't work. So this parameter is very important)
  • directory security mask = 2775
  • force directory security mode = 2775
Now, why 2775?
  • 2 = the setgid bit is set (2) which makes newly created directories have the same group ownership as the parent.
  • 77 = owners and group members of the files have full access to them
  • 5 = everyone else can enter the directories and view the file names (use with caution)
To be continue...