Sophos Anti-Virus for Mac OS X: setting up Samba to accommodate an ESOSX CID

  • Article ID: 13109
  • Updated: 19 Feb 2009

In order for a Windows computer, in particular a Windows 2000/2003 server running Enterprise Console, to be able to write to a share on an Mac OS X computer, the share must be set up specially.

What to do

Shares on Mac OS X computers, to which Windows computers can write, are specified using Samba on the Mac OS X computer. The configuration options are specified in Workgroup Manager, and are then written to /etc/smb.conf. You will need to make the following additional changes to this file.

  1. Open the file /etc/smb.conf and scroll to the bottom. The last share that you created using Workgroup Manager will be listed here.
  2. Just above the 'Create Mask' line, add another line:

    force create mode = 0755

  3. Restart the Samba processes to implement the configuration change:
    • Go into 'Server Admin'
    • Restart the 'Windows' service.

Technical details

The two main options to look at in a share are:

  • create mask
  • directory mask

They determine the permissions which will be assigned to directories and files which are written into the share.

As the Central Installation Directory (CID) written to this location must be executable, so that it can be installed to client computers, the permissions must be set up specially.

Essentially the 'create mask' value must be changed. However, because this can be subverted by inherited permissions, it is better to add a new option called 'force create mode'. This overrides even inherited permissions for the share that it is in.

Sample share with this line added:

oplocks = 0
map archive = no
path = /Shared Items/Mac
read only = no
inherit permissions = 0
strict locking = 1
comment = macosx
force create mode = 0755
create mask = 0644
guest ok = 1
directory mask = 0777

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent