DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2013-01-28 07:18:46

philippe44
Member
Registered: 2013-01-28
Posts: 10

"create mask = "ignored in smb.conf ?

Hi - I wanted to change the creation mask to 0770 for my file & folders using "create mask = 0770" and "directory mask = 0770" in smb.conf so that nothing are world accessible.

This works well for folders that are now, when created from my windows boxes rwxrwx---, but files continue to be rwxrwxrwx ! I've tried all the samba options, including security mask, force create mode ... no success with files.

Any idea if there is some ugly patch in the samba version provided with the NAS forcing this option ? BTW, I've rebooted the NAS many times, I made the smb.conf persistent, so there is no issue around all this

Thanks

Offline

 

#2 2013-01-28 07:57:52

FunFiler
Member
Registered: 2010-05-23
Posts: 577

Re: "create mask = "ignored in smb.conf ?

My understanding of the way the create mask is implemented is that samba users are allowed to modify those permissions up to the mask values. If set to 0777 for example, then a user would be able to modify all bits. This does not mean that the files will be created with those permissions - simply means that the user can use those permissions.

You can try the parameters force create mode and force directory mode instead.

force create mode = 0777
force directory mode = 0777

You may have to look at/change the umask too.

Last edited by FunFiler (2013-01-28 08:09:49)


3 * (DNS-323 with 2 * 2TB) = 12TB Running FW v1.08 & FFP v0.5
Useful Links: Transmission, Transmission Remote, Automatic

Offline

 

#3 2013-01-28 19:31:43

philippe44
Member
Registered: 2013-01-28
Posts: 10

Re: "create mask = "ignored in smb.conf ?

FunFiler wrote:

My understanding of the way the create mask is implemented is that samba users are allowed to modify those permissions up to the mask values. If set to 0777 for example, then a user would be able to modify all bits. This does not mean that the files will be created with those permissions - simply means that the user can use those permissions.

You can try the parameters force create mode and force directory mode instead.

I've tried these to make sure that files were created with the right modes, but still it does not change anything

force create mode = 0777
force directory mode = 0777

You may have to look at/change the umask too.

Same, umask is system-wide 006

I've installed the samba package 3.6.6 from ffp and it does create the files with the right permissions (folders have always been fine, even with he built-in samba). So it seems to be the dlink delivered samba ... But I'm having authentication problem with the ffp samba version that I hope to solve today

Offline

 

#4 2013-01-28 23:54:36

philippe44
Member
Registered: 2013-01-28
Posts: 10

Re: "create mask = "ignored in smb.conf ?

okay - found the answer to the problem : this is really due to the built-in Samba that comes with the DNS323, it would not use the parameter "create mask". The same config file with a Samba 3.6.6 installed through ffp gives the expected result.

The only issue, and I had forgotten that with time, is that Samba uses a different password backend and not anymore the old smbpasswd database and changes has to be made to smb.conf (don't forget to make the changes to /dev/mtdblock0,1 in smb.default so that they are permanent)

passdb backend = smbpasswd:/etc/samba/smbpasswd

I've chosen to re-use the DNS323 managed Samba files (smb.conf and smbpasswd) because it allows me to use the existing web GUI to add users, group, shares ... Just my choice though, you can still go and use the ones with the new Samba (in /ffp/etc/samba I think). If you decide to do what I did, edit the /ffp/start/samba.sh to change SMB_CONF_PATH to /etc/samba/smb.conf (and do not start built-in nmbd and smbd)

Hope this helps somebody

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB