How can I force samba to create all new files in a share to be 070

Question

Experimenting in Samba with share settings:

[mytestshare]
path = /srv/mypath
comment = This is mytestshare
force group = mygroup
valid users = @mygroup
writeable = yes
create mode = 0770
force create mode = 0770
force directory mode = 2770

---

When I access this share from windows logged in as myname, files I create are rwxr----- When I access this share from Putty logged in as root, files I create are rwxrwx--- I have Edited /etc/profile and added as a final line umask 007. I want to make all new windows files when logged in as myname rwxrwx---. Is there something I have missed?

Answer 1

The parameter obey pam restrictions = yes overrules your samba settings.

See as an example ...

• Set umask, set permissions, and set ACL, but SAMBA isn't using those?
• Samba group write file permissions not set

And the manual ...

smb.conf PAM Configuration

There is an option in smb.conf called obey pam restrictions. The following is from the online help for this option in SWAT:

When Samba is configured to enable PAM support (i.e., --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior is to use PAM for clear-text authentication only and to ignore any account or session management. Samba always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption.

 Default: obey pam restrictions = no