Here's a comprehensive solution to the common Samba permissions issue where newly created files/directories don't inherit the desired 777 permissions:
The problem stems from Linux's default umask behavior interacting with Samba's permission settings. When users create files through Samba, the system applies both the user's umask and Samba's mask settings, often resulting in stricter permissions than desired.
Edit your /etc/samba/smb.conf to include these directives under the relevant share:
[shared_folder] path = /path/to/shared create mask = 0777 directory mask = 0777 force create mode = 0777 force directory mode = 0777 force user = shareduser force group = sharedgroup
Combine the Samba configuration with these system settings:
# Set default ACLs on the shared directory sudo setfacl -R -d -m u::rwx,g::rwx,o::rwx /path/to/shared # Verify with: getfacl /path/to/shared
For more control, use inotify to watch for new files:
#!/bin/bash
inotifywait -m -r -e create --format '%w%f' /path/to/shared | while read NEWFILE
do
if [ -d "$NEWFILE" ]; then
chmod 777 "$NEWFILE"
else
chmod 666 "$NEWFILE"
fi
done
Edit /etc/profile or create /etc/profile.d/set_umask.sh:
# Set system-wide umask
if [ "$(id -u)" -ge 1000 ]; then
umask 000
fi
While 777 permissions solve access issues, they present security risks. Consider these alternatives:
- Use proper group permissions instead of world-writable
- Implement ACLs for finer-grained control
- Create a shared group and setgid on directories
When managing multi-user Samba shares, permission issues can become a recurring headache. The core issue manifests when different users create files/directories with restrictive default permissions (typically 755 for directories and 644 for files). This creates access problems when users from different systems (Windows, Mac, Linux) need to collaborate in the same shared folder.
Linux applies default permissions based on the umask value. The standard umask of 022 (resulting in 755 for dirs) gets applied even through Samba. What we need is to override this system-wide behavior specifically for our shared directory.
1. Setting Directory Defaults with setfacl
The modern approach uses Access Control Lists (ACLs):
# Install ACL support if needed
sudo apt-get install acl
# Set default ACLs on the shared folder
sudo setfacl -Rdm u::rwx,g::rwx,o::rwx /path/to/shared_folder
sudo setfacl -Rm u::rwx,g::rwx,o::rwx /path/to/shared_folder2. Samba Configuration Tweaks /h2>
Add these parameters to your smb.conf:
[shared]
path = /path/to/shared_folder
create mask = 0777
directory mask = 0777
force create mode = 0777
force directory mode = 0777
inherit permissions = yes
inherit acls = yes3. Filesystem Mount Options
For ext4 filesystems, add these options to /etc/fstab:
/dev/sdX1 /path/to/shared_folder ext4 defaults,acl,umask=000 0 2As a temporary measure while implementing the permanent solution, you can use this incrontab entry:
*/5 * * * * find /path/to/shared_folder -type d -exec chmod 777 {} \;While 777 permissions solve access issues, consider more secure alternatives:
- Create a common group for all users
- Set SGID bit to maintain group ownership
- Use finer-grained ACLs for specific needs
After implementing changes:
# Check directory permissions
ls -ld /path/to/shared_folder
# Verify ACL settings
getfacl /path/to/shared_folder
# Test file creation as different users
sudo -u user1 touch /path/to/shared_folder/testfile
ls -l /path/to/shared_folder/testfile