Honouring eXecute permissions on NT?

Martin Radford martin at zamenhof.demon.co.uk
Fri Nov 3 19:09:03 GMT 2000

> But it's not hard for them to store the binaries on the network, and copy
> them to the local machine TEMP directory at login, and run them from there.
> I did just that very thing as a (naughty) undergraduate here at Imperial, to
> get around the execute permissions thing...

That's true, unless you can remove execute permissions from anything
writable.  That still leaves the floppy disk, though.

I imagine the intent is to make it difficult, or at least
time-consuming, for the users to run unauthorised executables because
they're having to work around the administrator's settings all the
time.  And at least some users won't find out what they need to do.

> I've just tried using Samba's "Security" support (network permission
> setting) and NT doesn't seem to honour the execute ACL bit on that share.
> Even if it did, the user will be listed as the file's owner, and can change
> the permissions back at will. I understand what you're trying to do, but I
> can't see a way of doing it.

Perhaps of the gurus could at least point us mortals to the place in
the source where the changes need to be made?

Martin Radford              |   "Only wimps use tape backup: _real_ 
martin at zamenhof.demon.co.uk | men just upload their important stuff  -o)
Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
- see http://counter.li.org |       mirror it ;)"  - Linus Torvalds _\_V

More information about the samba-ntdom mailing list