netatalk force permissions (not just OR but AND)

Question

I'm trying to setup a AFP share and get afpd/netatalk to force the permissions on newly created files/directories.

Group inherit is handled by setgid bit on parent/root directory and works just fine, however when I create eg. a new directory in the share, it results in:

drwxrwsr-x.  3 owner   shared_group  4096 Nov 10 22:31 test_folder

instead of

drwxrws---.  3 owner   shared_group  4096 Nov 10 22:31 test_folder

My volume settings are the following:

file perm = 0660
directory perm = 2770

However this is being OR'ed with client requested permissions (according to the afp.conf manual and my manual source code verification.

We previously used samba which allowed forcing permissions:

create mask = 660
force create mode = 660
security mask = 660
force security mode = 660
directory mask = 2770
force directory mode = 2770
directory security mask = 2770
force directory security mode = 2770

I tried setting umask option to 0000 thinking OR'ed with "file perm" and "directory perm" would get me to "force" .. but it doesn't, still the same result.

Is there a way to force permissions on files and directories in afp/netatalk?

Answer 1

I've quickly realised I failed to understand umask.

setting umask:

umask = 0007

fixed the issue, newly created file/directories now have correct permissions:

drwxrws---.  3 owner   shared_group  4096 Nov 10 22:31 test_folder