I have a Samba 4.5.12 file server running on Debian Stretch with a file share configured as follows:
[test]
path = /srv/test
read only = no
Inside that share there's a directory: /srv/test/directory
. Using Windows client I then create a file test.txt
and after creation it has the following permissions:
# file: test.txt
# owner: some_user
# group: some_group
user::rw-
group::r--
other::r--
Now, on the file server I then set a default ACL on /srv/test/directory
directory:
setfacl -d -m group:some_other_group:rwx /srv/test/directory
touch /srv/test/directory/test2.txt
test2.txt
file has permissions as expected:
# file: test2.txt
# owner: some_user
# group: some_group
user::rw-
group::r-x #effective:r--
group:some_other_group:rwx #effective:rw-
mask::rw-
other::r--
When I then proceed to create another file using Windows client I get this:
# file: test3.txt
# owner: some_user
# group: some_group
user::rw-
group::r--
group:some_other_group:rwx
mask::rwx
other::r--
As you can see the mask is wrong. How can I fix this?
I tried setting create mask = 0666
but that did not help either. The only thing that helps is disabling NT ACL support via nt acl support = no
but I don't want to do this.
Full smb.conf
is as follows:
[global]
server role = member server
security = ADS
workgroup = *redacted*
realm = *redacted*
netbios name = FILES
kerberos method = secrets and keytab
acl allow execute always = yes
map to guest = bad user
store dos attributes = yes
map readonly = no
map archive = no
map hidden = no
map system = no
[test]
path = /srv/test
read only = no