I have a SMB share (basically a private home directory for users, but manually set up for better control of access).
The config file (managed via OMV Web):
[MyPrivate]
path = /srv/dev-disk-by-uuid-.../MyPrivate/
guest ok = no
guest only = no
read only = no
browseable = yes
inherit acls = yes
inherit permissions = yes
ea support = no
store dos attributes = no
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:touch_mtime = no
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
recycle:exclude =
recycle:exclude_dir =
recycle:maxsize = 0
vfs objects = recycle
printable = no
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
hide special files = yes
follow symlinks = yes
hide dot files = yes
valid users = "myuser","dockeruser"
invalid users =
read list = "dockeruser"
write list = "myuser"
This all works fine; however, when new files are created via SMB, the mask of the file causes the dockeruser to lose the read permission (docker should be able to read everything, just not write something):
root@freya:/srv/dev-disk-by-uuid-.../MyPrivate# getfacl Test/
# file: Test/
# owner: apoy2k
# group: users
# flags: -s-
user::rwx
user:dockeruser:r-x
group::---
mask::r-x
other::---
default:user::rwx
default:user:dockeruser:r-x
default:group::---
default:mask::r-x
default:other::---

root@freya:/srv/dev-disk-by-uuid-.../MyPrivate# getfacl Test/created_by_smb.txt
# file: Test/created_by_smb.txt
# owner: apoy2k
# group: users
user::rw-
user:dockeruser:r-x #effective:---
group::---
mask::-w-
other::---

root@freya:/srv/dev-disk-by-uuid-.../MyPrivate# getfacl Test/created_by_shell.txt
# file: Test/created_by_shell.txt
# owner: apoy2k
# group: users
user::rw-
user:dockeruser:r-x #effective:r--
group::---
mask::r--
other::---
Now, I read a bit into the whole SMB/Mask stuff I found online but tbh I am thoroughly confused still.
So, I know the "inherit X" settings cause SMB to ignore the "mask" settings. Which in my opinion is OK because the "default" ACLs are correct - but it seems SMB still overwrites the mask when new files are created?
Then I need to remove the "inherit X" settings and set the masks manually? But to what value? Because 644 (rw-r--r--) seems fine - but apparently SMB uses ----w---- somehow?
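
A check for the symptom in the getfacl output above, as an added example that is not part of the original post: it parses getfacl text and ANDs the mask into named-user and group entries, which is what the #effective column reports. The sample input is copied from the two file listings in the post; the function names are illustrative.

```python
# Added example (not the poster's code): effective POSIX ACL permissions.
# Named-user, named-group and owning-group entries are limited by the mask;
# the owner (user::) and other:: entries are not.

# Copied from the post's getfacl output for Test/created_by_smb.txt.
SMB_FILE = """\
# file: Test/created_by_smb.txt
# owner: apoy2k
# group: users
user::rw-
user:dockeruser:r-x
group::---
mask::-w-
other::---
"""
# The shell-created file in the post differs only in its name and mask (r--).
SHELL_FILE = SMB_FILE.replace("created_by_smb", "created_by_shell").replace(
    "mask::-w-", "mask::r--")

def parse_acl(text):
    """Return (entries, mask) for the access ACL in getfacl output."""
    entries, mask = [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective hints
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        if tag == "mask":
            mask = perms
        else:
            entries.append((tag, qualifier, perms))
    return entries, mask

def effective(entries, mask):
    """Map 'tag:qualifier' to its rwx string after the mask is applied."""
    result = {}
    for tag, qualifier, perms in entries:
        masked = tag == "group" or (tag == "user" and qualifier)
        if masked and mask is not None:
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[f"{tag}:{qualifier}"] = perms
    return result

def lost_read(text, user):
    """True if the ACL entry grants `user` read but the mask removes it."""
    entries, mask = parse_acl(text)
    granted = {f"{t}:{q}": p for t, q, p in entries}.get(f"user:{user}", "---")
    return granted[0] == "r" and effective(entries, mask)[f"user:{user}"][0] != "r"
```

Feeding it the output of `getfacl` for every file under the share shows which files have a mask that cancels the dockeruser entry.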