The same happens for files (but with 600 vs 640/660).
The longer description:
I'm reinstalling our server under CentOS 7. We were using Samba for simple sharing of directories.
SELinux is off and the firewall allows connections.
```
uname -r
3.10.0-862.2.3.el7.x86_64
sestatus
SELinux status: disabled
firewall-cmd --zone=public --list-all |grep samba
rule family="ipv4" source address="XXX.YYY.ZZ.1/24" service name="samba" log prefix="samba" accept
```
```
id
uid=1001(testuser) gid=1000(testgroup) groups=1000(testgroup),100(users)
```
Samba's config file (some of the options like write_list should not be required; valid_users should be enough - I was desperate):
```
[global]
# ... usual stuff like master, group, netbios-name ...
load printers = no
printing = cups
veto files = /*.[mM][pP]3
interfaces = lo enp3s0f0
# could be ignored as handled by firewalld
hosts allow = XXX.YYY.ZZZ.
security = user
[TestUser]
path = /home/testuser
writeable = yes
browseable = yes
read only = no
valid users = testuser
write list = testuser
read list = testuser
printable = no
create mask = 0640
directory mask = 710
force create mode = 0640
force directory mode = 0710
inherit acls = no
inherit permissions = no
```
I tested all files/directories in question with `getfacl /home/testuser/SOME/PATH` and they all have either 600/700 or 660/770 permissions.
Now the problem:
After giving the IP address of the server I'm asked for a user/passwd pair and then I see from the Windows machine all shares available on the Linux server. The Samba log indicates that testuser has successfully connected to service TestUser. I select my own share and then...
...if the group has no read permission (or rx for directories) I am not allowed to open the file/dir from Windows, but I can do whatever I want after logging in with `ssh` to the Linux machine. If I change the permissions to 644/750 then I can also work on these files from Windows.
If Samba is forced to write files/dirs with 600/700 then the empty file/dir is created and immediately the Windows application tells me that I have no rights to work on it.
I don't need to say that with Samba 3.x the same setup was working.
I have no idea how to solve this. Any help would be appreciated.
best regards
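
As an added example (not part of the original post): POSIX mode-bit checks consult exactly one class (owner, group or other), so the modes reported above can be tested against candidate identities to see which one reproduces the symptom. It assumes the files are owned by 1001:1000 as in the `id` output; uids 2002 and 65534 are constructed, and ACLs and root are ignored.

```python
# Added example: POSIX mode-bit evaluation applied to the modes in the post.
# Assumption: files are owned by uid 1001 / gid 1000 (from the `id` output).
FILE_UID, FILE_GID = 1001, 1000
READ, SEARCH = 4, 1

# (mode, requested rwx bits, result seen from Windows), taken from the post.
OBSERVED = [
    (0o600, READ, False),
    (0o640, READ, True),
    (0o644, READ, True),
    (0o700, READ | SEARCH, False),
    (0o750, READ | SEARCH, True),
]

def deciding_class(proc_uid, proc_gids):
    """Exactly one class is consulted; a group match never rescues the owner."""
    if proc_uid == FILE_UID:
        return "owner"
    if FILE_GID in proc_gids:
        return "group"
    return "other"

def may_access(mode, want, proc_uid, proc_gids):
    """True if the deciding class grants every requested bit (no ACLs, not root)."""
    shift = {"owner": 6, "group": 3, "other": 0}[deciding_class(proc_uid, proc_gids)]
    return ((mode >> shift) & want) == want

def reproduces_symptom(proc_uid, proc_gids):
    """True if this identity would yield every observation listed above."""
    return all(may_access(m, w, proc_uid, proc_gids) == seen for m, w, seen in OBSERVED)

# Candidate identities; 2002 and 65534 are constructed for illustration.
CANDIDATES = {
    "testuser (owner)": (1001, {1000, 100}),
    "other uid in testgroup": (2002, {1000}),
    "unrelated uid": (65534, {65534}),
}

if __name__ == "__main__":
    for label, (uid, gids) in CANDIDATES.items():
        print(f"{label:24} class={deciding_class(uid, gids):5} "
              f"matches={reproduces_symptom(uid, gids)}")
```

Among these candidates, only the non-owner member of the file's group reproduces every observation.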