Users able to execute windows .exe though execute bit not set
nick at drouet.co.uk
Tue Apr 1 14:14:26 GMT 2003
I'm looking for some assistance regarding file permissions and the inability
to stop the execution of a file even though the execute permission has not
I create a share.
I copy the notepad.exe from a windows client onto the share.
>From Linux console:
chown <user> notepad.exe
chmod 600 notepad.exe
>From Windows client:
I map a drive to the share and I am still able to run the notepad.exe file
from the share, even though executable permissions aren't set...
I can remove the executable flag via the Windows GUI and the same occurs.
I've tried other executable files and the same occurs. If I chmod 222 to
remove any read rights, then I get the access denied that I would expect.
As far as user permissions are going, I've tried a number of options.
Originally I had a samba server as a member of a Windows NT Domain, using
Winbind to map user IDs. This also had ACL support with the 2.4.17acl kernel
and permissions were being set fine on multiple users from the NT domain.
I've stripped elements out until I now have just a samba server which is not
part of a domain and my windows user is in the smbpasswd file with matching
user Id and password. At all stages this problem occurs. I need to know if
I'm doing something very dumb here but the ability to stop users running
executables from a network share is critical.
Clients are Windows 2000 / NT4
Samba versions that I've tried are 2.2.8 and 22.214.171.124 (RPM from SuSE
Linux distros that I've tried are SuSE 7.2 and Redhat 7.2
Does anyone have any light they could throw onto why this is happening?
I've seen a few threads regarding this in the samba general but no replies
so forgive if off topic slightly but could really do with some hints..
Relevant bits from my smb.conf are below.
workgroup = DOMAIN2
guest account = nobody
keep alive = 30
os level = 2
kernel oplocks = false
security = domain
encrypt passwords = yes
socket options = TCP_NODELAY
map to guest = Bad User
wins server = 192.168.1.80
netbios name = samba1
winbind uid = 1000-2000
winbind gid = 1000-2000
winbind cache time = 10
winbind separator = +
password server = *
log file = /var/log/samba
log level = 1
path = /share3
comment = shared area
read only = no
browseable = yes
More information about the samba-technical