Print Email PDF

Set the default POSIX permissions for SMB shares

IN THIS ARTICLE 

Outlines how to set the default POSIX permissions for SMB shares

REQUIREMENTS

  • Qumulo Core 2.5.1 or above for Windows
  • Qumulo Core 2.5.2 or above for Mac
  • Command line (CLI) tools installed via API & Tools tab

PROCESS

In Qumulo Core 2.5.1, we’ve introduced some additional flexibility for customers that have both NFS and SMB users accessing the same files. For each SMB share, the option is now available to specify the POSIX mode bits set when an SMB user creates a new file or directory.

The default POSIX mode bits control the behavior of Qumulo when setting permissions on objects written over SMB into a directory that does not contain any pre-existing inheritable ACLs. In other words, "In the absence of pre-existing inheritable permissions, apply these default permissions." This is roughly comparable to the umask setting in POSIX environments.

NOTE: The default permissions applied to a new directory or file created by SMB writers do not have any inheritable permissions from its parent's ACL. If ACL inheritance exists, this option will have no effect.

Create an SMB share with Custom POSIX Permissions

Using the Web UI

  1. Navigate to the SMB Shares page.
  2. Click Create Share.
  3. Scroll to the bottom of the page and expand Advanced Options.
  4. Enter the default values desired in the Default File Create Mode and Default Directory Create Mode fields.
  5. Click Create Share.

Using the QQ CLI

In the example below, an SMB share users is added that assigns new files and directories POSIX permissions that give full rwx access for everyone (777).

qq smb_add_share --name users --fs-path /users --default-file-create-mode 777 --default-directory-create-mode 777

The above command will return the following: 

{
"access_based_enumeration_enabled": false,
"allow_guest_access": false,
"default_directory_create_mode": "0777",
"default_file_create_mode": "0777",
"description": "",
"fs_path": "/users",
"id": "12",
"read_only": false,
"share_name": "users"

}

NOTE: If arguments are left unspecified, the default_file_create_mode will be 644 and the default_directory_create_mode will be 755.

Modify an existing SMB share with Custom POSIX Permissions

Using the Web UI

  1. Navigate to the SMB Shares page.
  2. Identify the share desired and click the Screen_Shot_2021-10-22_at_8.55.37_AM.png in the Actions menu to edit the share.
  3. Scroll to the bottom of the page and expand Advanced Options.
  4. Enter the default values desired in the Default File Create Mode and Default Directory Create Mode fields.
  5. Click Save.

Using the QQ CLI

To modify an existing SMB share using the same arguments above, the share ID will be utilized in the qq command. Retrieve the ID of the share by running the following command to list all SMB shares:

qq smb_list_shares

Output will return a list of all shares and their settings, including the share ID:

[
{
"access_based_enumeration_enabled": false,
"allow_guest_access": false,
"default_directory_create_mode": "0755",
"default_file_create_mode": "0644",
"description": "",
"fs_path": "/users",
"id": "14",
"read_only": false,
"share_name": "users"
}

]

In the above example, the ID of the users share is 14 which can be used in the qq modify command to change the share permissions:

qq smb_mod_share --id 14 --default-file-create-mode 777 --default-directory-create-mode 777

Running the above command outputs the following:

{
"access_based_enumeration_enabled": false,
"allow_guest_access": false,
"default_directory_create_mode": "0777",
"default_file_create_mode": "0777",
"description": "",
"fs_path": "/users",
"id": "14",
"read_only": false,
"share_name": "users"

}

NOTE: Once settings are applied, clients will need to remount the share for the changes to take effect.

RESOLUTION

You should now be able to successfully set the default POSIX permissions for SMB shares

ADDITIONAL RESOURCES

QQ CLI: SMB Shares

 

Like what you see? Share this article with your network!

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Open a Case
Share it, if you like it.