change in behaviour regarding "open for execute" from 3.6 to 4.0

David Disseldorp ddiss at
Tue Sep 3 09:25:57 MDT 2013

Hi Michael,

On Mon, 2 Sep 2013 17:56:07 +0200
Michael Adam <obnox at> wrote:

> Hi,
> in Samba 3.6, "open for execution" was successful even if the
> user had no execute permissions.
> In Samba 4.0 this was fixed by doing a proper ACL-check against
> the provided access_mask.
> While this is correct, it is a potential problem for those migrating
> their fileserver from Samba 3.6 (or older) to Samba 4.0 (or newer),
> since they need to audit their files for missing x-bits in
> acls/permissions...
> Because quite a number of people have already stumbled across
> this, the attached patchset introduces a new smb.conf-parameter
>   "acl execute compatibility mode"
> Which (when set to True) re-establishes the old behaviour.
> It is meant as a workaround for a transition period until
> the file permissions have been fixed..
> Comment / review / push appreciated..

The code looks okay, but I'd prefer an option that better represents
the changed behaviour, e.g. "acl allow execute always" or similar.

Cheers, David

More information about the samba-technical mailing list