I have a SMB share (basically a private home directory for users, but manually set up for better control of access).
The config file (managed via OMV Web):
[MyPrivate]
path = /srv/dev-disk-by-uuid-.../MyPrivate/
guest ok = no
guest only = no
read only = no
browseable = yes
inherit acls = yes
inherit permissions = yes
ea support = no
store dos attributes = no
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:touch_mtime = no
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
recycle:exclude =
recycle:exclude_dir =
recycle:maxsize = 0
vfs objects = recycle
printable = no
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
hide special files = yes
follow symlinks = yes
hide dot files = yes
valid users = "myuser","dockeruser"
invalid users =
read list = "dockeruser"
write list = "myuser"This all works fine, however when new files are created via SMB then the mask of the file causes the dockeruse to lose the read permission (docker should be able to read everything, just not write something):
root@freya:/srv/dev-disk-by-uuid-.../MyPrivate# getfacl Test/
# file: Test/
# owner: apoy2k
# group: users
# flags: -s-
user::rwx
user:dockeruser:r-x
group::---
mask::r-x
other::---
default:user::rwx
default:user:dockeruser:r-x
default:group::---
default:mask::r-x
default:other::---
root@freya:/srv/dev-disk-by-uuid-.../MyPrivate# getfacl Test/created_by_smb.txt
# file: Test/created_by_smb.txt
# owner: apoy2k
# group: users
user::rw-
user:dockeruser:r-x #effective:---
group::---
mask::-w-
other::---
root@freya:/srv/dev-disk-by-uuid-.../MyPrivate# getfacl Test/created_by_shell.txt
# file: Test/created_by_shell.txt
# owner: apoy2k
# group: users
user::rw-
user:dockeruser:r-x #effective:r--
group::---
mask::r--
other::---No, I read a bit into the whole SMB/Mask stuff I found online but tbh I am thoroughly confused still.
So, I know the "inherit X" settings cause SMB to ignore the "mask" settings. Which in my opinion is OK because the "default" ACLs are correct - but it seems SMB still overwrites the mask when new files are created?
Then I need to remove the "inherit X" settings and set the masks manually? But to what value? Because644 (rw-r--r--) seems fine - but apparently SMB uses ----w---- somehow?
