I setup the Samba server to follow the file system. Clients are not allowed to deviate from the filesystem permissions and acls. Here an exerpt from the smb.conf.
As said before, this worked perfectly for years to force clients into obeying the file system. I already tried all sorts of variations. Also "inherit permissions" instead of the "masks". But it does not help, and if i do not use the masks, then the acls are not inherited properly.[global]
unix extensions = no
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
[ftp]
comment = Sftp
path = /var/ftp
valid users = @adminX @adminY @adminZ
public = no
writable = yes
printable = no
browsable = yes
follow symlinks = no
create mask = 0666
directory mask = 0777
nt acl support = no
inherit acls = yes
case sensitive = no
use sendfile = true
My best guess is, it is either a bug, or there is some other (new) parameter i need to add. If anyone remembers a change in Samba between the mentioned versions that could have something to do with it, that is welcome info too.
Solutions that force anything (a group) on the share are not usable. The share must follow permission and acl inheritance of the file system (different directories have different groups).
Btw, the file system is ext4 on a kvm guest.
Thanks in advance for any info.
Kind regards, Vincent