An extra 'executable' bit is seen when POSIX ACL is used by Samba

Dmitry Butskoy buc at
Fri Sep 15 15:16:06 GMT 2006

When POSIX ACL is used, some files created by Samba appear to "have an 
extra group-executable bit". For example, the "ls -l" command shows 
"-rw-rwxr--" instead of "-rw-rw-r--".

Such behaviour is caused by the 
source/smbd/posix_acls.c:chmod_acl_internals() code; the relevant 
code fragment is:

        /*
         * FIXME: The ACL_MASK entry permissions should really be set to
         * the union of the permissions of all ACL_USER,
         * ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
         * acl_calc_mask() does, but Samba ACLs doesn't provide it.
         */
        perms = S_IRUSR|S_IWUSR|S_IXUSR;

where, instead of computing a union or calling acl_calc_mask(), just "rwx" 
is used.

As many traditional UNIX utilities are focused on simple 
"owner/group/other" possibilities, such utilities are confused a little 
by this 'extra' bit. I.e.:
* colored "ls -l" output shows the file as an executable, Midnight 
Commander and friends do the same;
* the system shell tries to execute this file after typing its filename 
and occasionally typing "enter" immediately after this;
* potentially the file with such an extra bit can be interpreted by 
Samba as "system" file (if "map system = yes")

For me, it seems to be a bug...

Is it correct just to change "rwx" to "rw-"? It would be the easiest 
temporary fix.

What difficulties could there be in adding an acl_calc_mask() feature to Samba, 
or in computing the right mask directly in the chmod_acl_internals() code?

I can do some tests if needed...

Dmitry Butskoy
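
The union described in the FIXME comment above, as an added example that is not part of the original post or of Samba's code. It is a simplified, self-contained model: the struct, tag names and sample ACL are constructed for illustration and are not libacl or Samba types. It shows how a hard-coded rwx mask produces "-rw-rwxr--" where the computed union produces "-rw-rw-r--".

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model of POSIX ACL entries; not libacl or Samba types. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, OTHER };
struct entry { enum tag tag; unsigned perms; };  /* perms: r=4, w=2, x=1 */

/* Constructed sample ACL: user::rw-, user:<named>:rw-, group::rw-, other::r-- */
static const struct entry sample_acl[] = {
    { USER_OBJ, 6 }, { USER, 6 }, { GROUP_OBJ, 6 }, { OTHER, 4 },
};
#define SAMPLE_N (sizeof sample_acl / sizeof sample_acl[0])

/* Union of the ACL_USER, ACL_GROUP_OBJ and ACL_GROUP permissions: the
 * value the FIXME comment says the mask entry should receive. */
unsigned calc_mask(const struct entry *acl, size_t n)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++)
        if (acl[i].tag == USER || acl[i].tag == GROUP_OBJ || acl[i].tag == GROUP)
            mask |= acl[i].perms;
    return mask;
}

/* Mode bits as "ls -l" reports them for a file with a mask entry:
 * the group triplet shows the mask, not the ACL_GROUP_OBJ entry. */
unsigned mode_with_mask(const struct entry *acl, size_t n, unsigned mask)
{
    unsigned mode = (mask & 7) << 3;
    for (size_t i = 0; i < n; i++) {
        if (acl[i].tag == USER_OBJ) mode |= (acl[i].perms & 7) << 6;
        if (acl[i].tag == OTHER)    mode |= acl[i].perms & 7;
    }
    return mode;
}

int main(void)
{
    printf("hard-coded rwx mask: %04o\n", mode_with_mask(sample_acl, SAMPLE_N, 7));
    printf("computed union mask: %04o\n",
           mode_with_mask(sample_acl, SAMPLE_N, calc_mask(sample_acl, SAMPLE_N)));
    return 0;
}
```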
