Users able to execute windows .exe though execute bit not set
John H Terpstra
jht at samba.org
Tue Apr 1 16:03:34 GMT 2003
Nick,
Perhaps you can explain how you would achieve your goals if the server was
running Windows 2000 Server. If you can demonstrate a pure Windows
solution maybe we could match that with Samba.
- John T.
On Tue, 1 Apr 2003, Nick Drouet wrote:
> I'm looking for some assistance regarding file permissions and the inability
> to stop the execution of a file even though the execute permission has not
> been set.
>
> Scenario
>
> I create a share.
> I copy the notepad.exe from a windows client onto the share.
>
> >From Linux console:
>
> chown <user> notepad.exe
> chmod 600 notepad.exe
>
> >From Windows client:
>
> I map a drive to the share and I am still able to run the notepad.exe file
> from the share, even though executable permissions aren't set...
>
> I can remove the executable flag via the Windows GUI and the same occurs.
> I've tried other executable files and the same occurs. If I chmod 222 to
> remove any read rights, then I get the access denied that I would expect.
>
>
> As far as user permissions are going, I've tried a number of options.
> Originally I had a samba server as a member of a Windows NT Domain, using
> Winbind to map user IDs. This also had ACL support with the 2.4.17acl kernel
> and permissions were being set fine on multiple users from the NT domain.
> I've stripped elements out until I now have just a samba server which is not
> part of a domain and my windows user is in the smbpasswd file with matching
> user Id and password. At all stages this problem occurs. I need to know if
> I'm doing something very dumb here but the ability to stop users running
> executables from a network share is critical.
>
> Clients are Windows 2000 / NT4
> Samba versions that I've tried are 2.2.8 and 2.0.0.15 (RPM from SuSE
> installation CD).
> Linux distros that I've tried are SuSE 7.2 and Redhat 7.2
>
> Does anyone have any light they could throw onto why this is happening?
>
> I've seen a few threads regarding this in the samba general but no replies
> so forgive if off topic slightly but could really do with some hints..
>
> Relevant bits from my smb.conf are below.
>
>
>
> [global]
> workgroup = DOMAIN2
> guest account = nobody
> keep alive = 30
> os level = 2
> kernel oplocks = false
> security = domain
> encrypt passwords = yes
> socket options = TCP_NODELAY
> map to guest = Bad User
> wins server = 192.168.1.80
> netbios name = samba1
> winbind uid = 1000-2000
> winbind gid = 1000-2000
> winbind cache time = 10
> winbind separator = +
> password server = *
> log file = /var/log/samba
> log level = 1
>
> [share3]
> path = /share3
> comment = shared area
> read only = no
> browseable = yes
>
>
>
>
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba-technical
mailing list