Samba file permission problem

I’m having yet another problem with Samba running on OS X, this one having to do with file permissions. Our G4 desktop is also a file server that we access from our laptops. Samba, for some reason, is not using the existing permissions of the files it makes available.

The desktop is named Cairo, my laptop is Prague. I can create a file on Cairo in one of the shared directories and it will have the correct permissions:

kchrist@cairo:/Volumes/Public>$ touch test-file.txt
kchrist@cairo:/Volumes/Public>$ ls -l test-file.txt 
-rw-r--r--   1 kchrist  users           0 Nov  1 20:39 test-file.txt

Actually these permissions will be changed to rw-rw-r-- by a weekly cron job, but that’s not relevant to the problem at hand.

I then mount the share on my laptop and work normally. But the permissions are different here:

kchrist@prague:~>$ cd /volumes/cairo
kchrist@prague:/Volumes/Cairo>$ ls -l test-file.txt 
-rwx------  1 kchrist  admin  0  1 Nov 20:39 test-file.txt

Creating a file on the share gives it the same permissions as above:

kchrist@prague:/Volumes/Cairo>$ touch test-file-2.txt
kchrist@prague:/Volumes/Cairo>$ ls -l test-file-2.txt 
-rwx------  1 kchrist  admin  0  1 Nov 20:44 test-file-2.txt

… and they are fine when seen from Cairo:

kchrist@cairo:/Volumes/Public>$ ls -l test-file-2.txt 
-rw-rw-r--   1 kchrist  users           0 Nov  1 20:44 test-file-2.txt

The permissions on the Samba share are set to rw-rw-r-- due to the following directives in /etc/smb.conf:

  create mode     = 0664
  directory mode  = 0775

This is working as expected, and is not relevant to the problem. This only affects files created on the shares by remote users. There is no way that I can see to force permissions on files being shared. The change is either being done by the SMB service on Cairo, or by the Samba clients on our laptops, but I’m not sure which. I used this same configuration file on my old desktop, running Debian and Samba 2.x, and did not have this problem. OS X 10.3.5 uses Samba 3.0.2.

This isn’t really a problem for files that aren’t leaving these machines, but I have to remember to manually change the permissions on any file I upload to the web so they can be read by everyone else, which is a bit of an annoyance (especially when I forget to do it).

I posted about this problem to the Apple support forums yesterday but haven’t gotten any useful response yet.