Apply Group Write Permissions when Creating New File/Folder over SSH

[SimpleTechGuy]

Hi, when user1 is creating a new file/folder in terminal using ssh the resulting permissions are drwxr-xr-x but should be drwxrwx---.

Dataset is applied permissions recursively drwxrwx--- owner:root group:users
User1 is in auxiliary group:users
Access Mode for Dataset:rwxrwx---
**note I Am NOT using ACL for this dataset

Platform: Generic Version:TrueNAS-12.0-U8.1.
Enabled Services:SMART,SMB,SSH

It seems like there is probably a config somewhere that should configure group write permissions for new files/folders, but I can't seem to find anything.

Thanks,

 

[anodos]

Hi, when user1 is creating a new file/folder in terminal using ssh the resulting permissions are drwxr-xr-x but should be drwxrwx---.

Dataset is applied permissions recursively drwxrwx--- owner:root group:users
User1 is in auxiliary group:users
Access Mode for Dataset:rwxrwx---
**note I Am NOT using ACL for this dataset

Platform: Generic Version:TrueNAS-12.0-U8.1.
Enabled Services:SMART,SMB,SSH

It seems like there is probably a config somewhere that should configure group write permissions for new files/folders, but I can't seem to find anything.

Thanks,

Why do you think it should be 770? A filesystem ACL can take precedence over process's umask for what permissions are set on file creation, but unless you've changed it, umask defaults to 022 (which is what you're seeing).

 

[SimpleTechGuy]

Hi @anodos, thanks for the reply. The umask is 0022.. I guess I probably phrased that wrong, I don't think it should be 770, but I want it to be 770. The reason is that when user1 in group1 creates a file in folder1 I need user2 in group1 to be able to edit that file.

 

[anodos]

Hi @anodos, thanks for the reply. The umask is 0022.. I guess I probably phrased that wrong, I don't think it should be 770, but I want it to be 770. The reason is that when user1 in group1 creates a file in folder1 I need user2 in group1 to be able to edit that file.

Since this path is an SMB share, you should probably be using ACLs anyways. That's the way the service and protocol is designed.

Why not just set the "restricted" template and expand with an entry for GROUP: group 2 with MODIFY permissions set and flags set to INHERIT?

Samba has create mask and directory mask parameters that we don't expose, but are currently possible to set via auxiliary parameters.

 

[SimpleTechGuy]

So I guess I mislead in my post again, sorry about that, sometimes I try to hard to simplify things it actually makes it more difficult to relay my problem. So This folder is not an SMB share, I just wanted to post the running services on the server because I do have other SMB shares on other Datasets, but this dataset is not being shared anywhere, it's only accessible via SSH.

 

[SimpleTechGuy]

I changed umask to 007 and that works for me, but it's not persistent.

 

[SimpleTechGuy]

I got tired of messing with it. Switched to ACL and problem solved.