File permissions on Samba shares

Posted by Al on 9 November 2010 | 0 Comments

Tags: samba, linux, windows

Here's the situation. We have a server with a bunch of shares on it, that a bunch of different people access. Each share allows a different group access, and users can be in more than one group.

This works fine as-is when you are just editing a file, but if you are creating a new file it will get created with access set to the user and the user's default group. Often this means that it is the completely wrong group for the share! So we need to force our file server to a) set the correct group on file creation, and b) allow the group read-write access to new files by default.

To accomplish a), we need to set the gid sticky-bit. When the gid sticky-bit is set on a directory all new files will be created with the group ownership of the parent directory. We can set this on all directories fairly easily with something like this:

find /home/companydata/ -type d -exec chmod g+s {} \;

For b) we need to edit our smb.conf and add the following into each group share:

force create mode = 0660
force directory mode = 0770

Hopefully this is fairly straight forward. Don't forget to restart Samba!