Creating a directory in Samba share from OSX client always has ACL “mask:r-x”
I've had a few shares configured in Samba 4.9.3 (Arch Linux), and everything was fine. Access control was done via unix accounts and groups. Then I decided to change the running system.
I set up a Time Machine backup volume in Samba, introducing the vfs_fruit module. That part seems to have started the problems. Sources said that macOS can be picky and the module chain catia fruit streams_xattr needs to be enabled on all the shares, not just the Time Machine share. So I did that.
(The Time Machine backup went through with those settings. TBH I didn't try restoring yet and I'm a little scared of it.)
However, whenever I create a folder on a normal share (via Finder.app), it now gets unix permissions drwxr-xr-x+ that differ from the directory mask = 2770 that I configured for the share. Apart from that, it has these ACLs set:
> getfacl "/mnt/dungeon/tmp/untitled folder"
getfacl: Removing leading '/' from absolute path names
# file: mnt/dungeon/tmp/untitled folder
# owner: nobody
# group: smb_tmp
user::rwx
user:nobody:rwx #effective:r-x
group::rwx #effective:r-x
group:smb_tmp:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:user:nobody:rwx
default:group::rwx
default:group:smb_tmp:rwx
default:mask::rwx
default:other::---
The mask::r-x part seems to prevent my user (in group smb_tmp) from even renaming the "untitled folder" I created. If I set mask to rwx manually like this, the folder becomes editable:
sudo setfacl -m mask::rwx "/mnt/dungeon/tmp/untitled folder"
Changing the folder's permissions from Finder.app is not possible; it tells me I don't have the necessary permission.
If I create a folder in the same location from a Windows 8 client, it has the proper unix access rights and no ACLs set.
I also tried modifying my user's umask on the server, but changing that from the default 022 to 027 didn't change anything.
The other Samba options I tried are in the global section of my smb.conf. None of them changed the ACLs of the folders I created.
What do I need to do to have both Time Machine backup and group-owned shares work properly?
I'm not particularly afraid of ACLs, but if I can get by without them that'd be just fine.
osx samba
asked 2 days ago
Tanuva
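The listing in the question shows two POSIX ACL rules at work: the mask caps every named-user and group entry, and for a file that carries an ACL the group triplet of the mode (`drwxr-xr-x+`) is the mask itself. The shell/awk script below is an added example, not part of the original question or answers; it reproduces both calculations from `getfacl` text. The function names `acl_effective` and `acl_mode` and the embedded sample are constructed for illustration.

```shell
# Constructed sample: the access entries from the getfacl listing in the question.
SAMPLE_ACL='user::rwx
user:nobody:rwx
group::rwx
group:smb_tmp:rwx
mask::r-x
other::r-x
default:mask::rwx'

# Print "entry granted effective" for every access entry the mask applies to:
# named users, the owning group and named groups. user:: and other:: are never
# masked; default: entries only seed new children. No mask means no capping.
acl_effective() {
    awk '
    { sub(/[ \t]*#.*/, "") }            # drop "# file:" and "#effective:" text
    /^default:/ || $0 == "" { next }
    {
        split($0, f, ":")
        if (f[1] == "mask") { mask = f[3]; next }
        if (f[1] == "other" || (f[1] == "user" && f[2] == "")) next
        tag[++n] = f[1] ":" f[2]; perm[n] = f[3]
    }
    END {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (c = 1; c <= 3; c++) {
                p = substr(perm[i], c, 1)
                m = (mask == "") ? p : substr(mask, c, 1)
                bit = (p != "-" && m != "-") ? p : "-"
                eff = eff bit
            }
            print tag[i], perm[i], eff
        }
    }'
}

# Print the 9-character mode string that ls shows for this ACL: the middle
# triplet is the mask when one exists, otherwise the owning group entry.
acl_mode() {
    awk '
    { sub(/[ \t]*#.*/, "") }
    /^default:/ { next }
    {
        split($0, f, ":")
        if (f[1] == "user" && f[2] == "")  u = f[3]
        if (f[1] == "group" && f[2] == "") g = f[3]
        if (f[1] == "mask")  m = f[3]
        if (f[1] == "other") o = f[3]
    }
    END { mid = (m != "") ? m : g; print u mid o }'
}

printf '%s\n' "$SAMPLE_ACL" | acl_effective
printf '%s\n' "$SAMPLE_ACL" | acl_mode
```

Because the mode's group bits and the mask are the same thing on such a directory, anything that sets the UNIX mode to 755 on it also sets `mask::r-x`, whatever the named group entries grant.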
1 Answer
Try setting the following global option:
fruit:nfs_aces = no
From the manpage of vfs_fruit:
fruit:nfs_aces = yes | no
A global option whether support for querying and modifying the UNIX mode of directory entries via NFS ACEs is enabled, default yes.
edited 4 hours ago
answered yesterday
bluephant
Welcome to U&L! Your answer would be more useful if it included a few details: What does this option do (a short extract from the documentation is enough)? Is that setting all that's required to fix the OP's problem?
– JigglyNaga
yesterday