Samba does not inherit setgid bit (anymore)

Issues related to applications and software problems
Posts: 2
Joined: 2018/01/09 15:38:10

Samba does not inherit setgid bit (anymore)

Postby iveze » 2018/01/09 16:29:12

Somewhere between Samba 4.2.10 and 4.6.2 (came with CentOS 7 updates) the setgid bit is not inherited anymore when making directories via my Samba service. Everything else is still fine. With ssh direct on the file system or sftp, i get all permissions and acls inherited nicely. Also with Samba all acls are still just fine, except that setgid bit is not inherited (s on the group executable bit becomes an x), so subsequent directories and files have the wrong group.

I setup the Samba server to follow the file system. Clients are not allowed to deviate from the filesystem permissions and acls. Here an exerpt from the smb.conf.

unix extensions = no

map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes

comment = Sftp
path = /var/ftp
valid users = @adminX @adminY @adminZ
public = no
writable = yes
printable = no
browsable = yes
follow symlinks = no
create mask = 0666
directory mask = 0777
nt acl support = no
inherit acls = yes
case sensitive = no
use sendfile = true

As said before, this worked perfectly for years to force clients into obeying the file system. I already tried all sorts of variations. Also "inherit permissions" instead of the "masks". But it does not help, and if i do not use the masks, then the acls are not inherited properly.

My best guess is, it is either a bug, or there is some other (new) parameter i need to add. If anyone remembers a change in Samba between the mentioned versions that could have something to do with it, that is welcome info too.

Solutions that force anything (a group) on the share are not usable. The share must follow permission and acl inheritance of the file system (different directories have different groups).

Btw, the file system is ext4 on a kvm guest.

Thanks in advance for any info.

Kind regards, Vincent

Posts: 2
Joined: 2018/01/09 15:38:10

Re: Samba does not inherit setgid bit (anymore)

Postby iveze » 2018/01/11 13:46:01

Alright, i made a minimal share definition:

comment = Test
path = /var/ftp
writable = yes
inherit permissions = yes

The smb.conf reference says about "inherit permissions":
New directories inherit the mode of the parent directory, including bits such as setgid.

Well, this is obviously not true anymore. The setgid bit is not even inherited in this minimal share definition. Or do i need to add a parameter to force it to work?