I recently updated our Ubuntu server running Samba right after upgrading our Macs. While I know updating directly in production isn't ideal, I'm in a bit of a bind now and would love some insights. We have an Ubuntu server with Samba/WinBind integrated with our on-premise Active Directory, and everything has been functioning well until this update.
Our users have specific groups set up for projects, and I have a script that creates project folders with appropriate permissions. However, after the update, we're experiencing strange issues with folder permissions on different operating systems. Windows users can copy files and folders without issues, but Mac users trying to copy folders to a specific directory get an error saying, "The operation can't be completed because an unexpected error occurred (error code -8062)."
I noticed that the group ownership of new files and folders defaults to "domain users" instead of the project group, which is confusing. I have a couple of key questions:
1. How can I ensure that new files maintain the correct group ownership from the parent directory?
2. Are there any specific settings in the Samba configuration I should review in light of this update?
3. I received a suggestion to use `setfacl` commands in my folder creation script to handle permissions more effectively, but I would like to understand if this is now a necessity due to the update.
I'm open to any advice or suggestions on how to tackle these issues and would appreciate it if replies can be friendly!
3 Answers
It seems like your issue is primarily due to inheritance settings. When copying a folder on macOS, you might be hitting a snag with ACL semantics rather than basic authentication. First, check that your parent directory has the setgid bit set; you can do this with the command `ls -ld $PROJECT_PATH/Release`. You should see something like `drwxrwsr-x`. If it’s not set, run `chmod g+s $PROJECT_PATH/Release` to enable it.
For a more robust solution, consider implementing default ACLs on the filesystem. This will make sure permissions are correctly inherited, regardless of the OS used. You should also confirm your Samba settings are correct—particularly `inherit permissions`, `inherit acls`, and `map acl inherit`. After an update, sometimes these preferences can change or revert back, so it’s worth double-checking them. Go through those settings, and let me know if you need help with the specifics!
Have you considered creating separate directories for "Design", "QA", and "Release"? It could simplify permissions management by keeping them isolated from one another. This way, if a permissions issue arises in one, it won't affect the others. It’s worth discussing whether separating these could be beneficial!
The fact that Windows users are fine while Macs are having issues is interesting. Ideally, Linux behavior dictates that new files automatically take the ownership of the creator—typically their primary group. If ownership is still stuck at "domain users," you might want to look into your Samba configuration closely.
Be sure that relevant Samba settings like `map acl inherit`, `inherit permissions`, and `inherit acls` are enabled. If they were altered in the recent update, that might explain the inconsistencies. Also, ensure your Samba logs are clear of errors—those could provide more insight on failures occurring on the macOS side.
Thanks for the detailed steps! If you also check that the ACL settings for macOS are appropriately set (like having `vfs objects = acl_xattr`), that could alleviate some issues too. It's great that you're looking into this methodically!