I'm running Samba on a Debian server in my local home network. The Samba version is 4.9.5-Debian. My Mac Mini (with Big Sur) connects to that server. There is a share for time machine backups and another one for storing data. Time machine backups seem to work (at least Time Machine does not complain and I successfully restored single files from backups).
However, I noticed that permissions on the data share do not work properly. If I try to change permissions of a file or folder, e.g., with chmod 640 testfile.txt, then permissions on the share are not affected. Permissions always stay the same.
I already tried various Samba settings based on information I found on the Internet, as well as reading man smb.conf and man vfs_fruit.
I added these parameters to the global section of my smb.conf file:
   server min protocol = SMB3_00
   ea support = yes
   vfs objects = acl_xattr catia fruit streams_xattr
   fruit:aapl = yes
   fruit:metadata = netatalk
   fruit:resource = file
   fruit:encoding = native
   fruit:copyfile = yes
   fruit:model = MacSamba
   fruit:veto_appledouble = no
   fruit:posix_rename = yes
   fruit:zero_file_id = yes
   fruit:wipe_intentionally_left_blank_rfork = yes
   fruit:delete_empty_adfiles = yes
   fruit:nfs_aces = no
And the data share is configured like this:
[DataShare]
   comment = Samba data share
   path = /srv/samba/datashare
   browseable = yes
   read only = no
   guest ok = no
   valid users = myuser
   create mask = 0777
   directory mask = 0777
I'm new to Samba and am a bit confused by all the different parameters. Right now I don't have any idea why my Mac client cannot set file permissions for files on the share.
For simply storing files this might even be OK, but it causes problems with applications. As an example, I wanted to put my large picture library on to the share. I copied it there and wanted to open it with Apple's Photos app - but Photos fails to do so, says permissions are broken, and also fails to repair permissions.
I'd really appreciate some help, because I'd love to get this setup working.


fruit:nfs_aces = no, the client sees 0700 for files and directories alike.fruit:nfs_aces = nolater. Then I see permissions correctly. My main problem was a configuration problem: some of the above mentioned settings were not global - once I figured that out, things started to work. :-)