2

Experimenting in Samba with share settings:

[mytestshare]
path = /srv/mypath
comment = This is mytestshare
force group = mygroup
valid users = @mygroup
writeable = yes
create mode = 0770
force create mode = 0770
force directory mode = 2770

When I access this share from windows logged in as myname, files I create are rwxr----- When I access this share from Putty logged in as root, files I create are rwxrwx--- I have Edited /etc/profile and added as a final line umask 007. I want to make all new windows files when logged in as myname rwxrwx---. Is there something I have missed?

L. D. James
  • 24,768
  • 10
  • 68
  • 116
Nealt
  • 63
  • 2
  • 7
  • do you have `obey pam restrictions` set? and what does `/etc/profile` have to do with samba? – Rinzwind Jul 03 '17 at 17:42
  • It was my understanding that changing etc/profile with umask 007 caused the default file creation attributes to always be rwxrwx---. Please let me know if this is wrong? – Nealt Jul 03 '17 at 20:05
  • [global] obey pam restrictions = yes – Nealt Jul 04 '17 at 09:18

1 Answers1

4

The parameter obey pam restrictions = yes overrules your samba settings.

See as an example ...

And the manual ...

smb.conf PAM Configuration

There is an option in smb.conf called obey pam restrictions. The following is from the online help for this option in SWAT:

When Samba is configured to enable PAM support (i.e., --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior is to use PAM for clear-text authentication only and to ignore any account or session management. Samba always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption.

 Default: obey pam restrictions = no
Community
  • 1
Rinzwind
  • 293,910
  • 41
  • 570
  • 710