Recently I found a problem with my existing settings of Samba share: every time after I edit and save a file in the share from Windows client, the UNIX file permission will also be changed in Samba server. And that's not desired.
After I read this article about Samba share access control, I found the solution is on the "security mask" setting, which controls UNIX permission bits modified when a Windows NT client is manipulating the UNIX permissions on a file. Another userful setting is "force create mode", which specifies a set of UNIX-mode bit permissions that will always be set on a file created by Samba.
So I added security mask = 0000 and force create mode = 0774 (rwxrwxr--) into my smb.conf configuration file under the the Share definitions section. Now Windows will no longer be able to change the UNIX permissions on a file. And the new share definition looks like below:
[homes]
comment = Home Directories
browseable = no
writable = yes
inherit permissions=no
security mask = 0000
force create mode = 0774
Specify force user= for better sharing a folder
[sysbak]
valid users=@admin
force user = apache
force group = admin
Set the following in the global section if MS Office often saves/writes to the samba shares:
strict sync = Yes
sync always = Yes
oplocks = No
level2 oplocks = No
No comments:
Post a Comment