How do I force specific permissions for new files/folders on Linux file server?

linux networking ubuntu file-sharing file-permissions

516

Solution 1

I typically use SAMBA's native functionality for permissions and groups management on shares. For example..

force user=user1
force group=sharedgroup
create mask=775

You would specify these settings under the share. Be certain to reload SAMBA after the configuration change, which could be done via the init script.

Solution 2

Set the permissions on the directory to be 2777, like this:

chmod 2777 /shared/dir

This causes all files and folders under the '/shared/dir' directory to inherit the permissions of the top directory, in this case 777.

Afterwards, do this to make sure all files have the proper permissions:

chmod -R 777 /shared/dir

Solution 3

I realize this is an old question but I recently had a similar issue and here's how I solved it:

[share]
security mask = 0770
create mask = 0770
force create mode = 0660
comment = Samba share for IT
path = /raid/share
browseable = YES
guest ok = no
write list = root, @"DOMAIN+it_nfs"
force group = DOMAIN+it_nfs

This ensures that users have to be in the "it_nfs" security group in AD, all files will be written with group "it_nfs," and all files will be written with at least 0660 and at most 0770 perms. Forcing the group ID ensures that anybody in that group can read/write the files on the share. Otherwise you end up with situations where a file written as bob:bob can't be written by charlie:charlie, even though both of them are in "it_nfs".

516

Author by

WelcomeTo

Updated on September 17, 2022

Comments

WelcomeTo over 1 year

It's possible to communicate between applet and GWT application (and vice-versa) when launching GWT in hosted mode? I think no, because applet can communicate only with JavaScript (through LiveConnect), but GWT's hosted mode don't produce any JS...
- Warner almost 14 years
  
  User groups and other native permissions, don't chmod 777.
- Manolo Carrasco Moñino about 11 years
  
  updated my response, hope it works for you
Warner almost 14 years

About the only situation where publicly writable is acceptable is with /tmp.
mistiry almost 14 years

Yet the post says he did that and it didn't work....
mistiry almost 14 years

Yeah, probably better to use 774 or even 770, depending on the situation. But, he asked how to make them all '777', so I just used that in my example.
Warner almost 14 years

Then he did it wrong. It works.
humble_coder almost 14 years

Yes, but how do I ensure that all future files copied to that directory over the network receive the same permissions regardless of their initial permissions? I have no problems when manually doing it, I simply want it automated.
Warner almost 14 years

SAMBA uses a combination of filesystem permissions and settings within the configuration. If users aren't on a write list or otherwise allowed to write in the share configuration, it will not work. If the user that SAMBA runs at is unable to access the directories, it will not work. Users should be members of the appropriate group, the directories and files should be owned by that group, and have the writable bit set for the group. You can check the SAMBA logs as well.
humble_coder almost 14 years

Yes, and to my knowledge I've done this. After reading repsonses I know what needs to be done (and I feel that I've done it), but apparently I'm missing something. Can you point me to a bit of info on something specific? Thanks, btw.
Warner almost 14 years

Does the user writing have permissions on the local filesystem as well as via the SAMBA configuration? The user would need to be owner or member of the group with permissions to write as well as be on the write list, for example.
NagyI over 11 years

I've been looking for a long time for this! Thanks! :) It's working as expected.
WelcomeTo about 11 years

Thanks for detailed answer. So it will work if I call applet through JSNI code? P.S. I don't want to use GWT-AI because of GwtAI is not yet fit for use in production.... don't expect it to be stable.. Anyway thanks.
Manolo Carrasco Moñino about 11 years

Yes, any jsni works in hosted mode. I have gwtai in production. Updated my answer.
Sam Watkins almost 10 years

This does not work. The setgid flag for folders sets the group of new files and folders, not permissions, and running chmod all the time is not acceptable. I need a solution that is not related to samba, for Steam on Linux so I can share library between users.
GDorn over 7 years

I've been trying to do this forever, too. This still works and is particularly useful on a NAS running transmission-daemon as one user but you occasionally forget and make edits over samba as a different user.
Sz. over 6 years

This solution should work, and used to (~20 years with Samba here) but now, on one particular setup (Win7 to Raspbian (freshly apted + 4.x kernel), it just doesn't, like with the OP 7 years ago. Here everything gets created by root, with 777. No clue in the logs. It's late at night here, and I'm sure I'm missing something ridiculously obvious, but... what? (There seems to be a wicked catch here, as it has apparently happened to others, too, before.)
Sz. over 6 years

Finally figured it out: serverfault.com/a/887362/167625