change in behaviour regarding "open for execute" from 3.6 to 4.0
ddiss at suse.de
Tue Sep 3 09:25:57 MDT 2013
On Mon, 2 Sep 2013 17:56:07 +0200
Michael Adam <obnox at samba.org> wrote:
> in Samba 3.6, "open for execution" was successful even if the
> user had no execute permissions.
> In Samba 4.0 this was fixed by doing a proper ACL-check against
> the provided access_mask.
> While this is correct, it is a potential problem for those migrating
> their fileserver from Samba 3.6 (or older) to Samba 4.0 (or newer),
> since they need to audit their files for missing x-bits in
> Because quite a number of people have already stumbled across
> this, the attached patchset introduces a new smb.conf-parameter
> "acl execute compatibility mode"
> Which (when set to True) re-establishes the old behaviour.
> It is meant as a workaround for a transition period until
> the file permissions have been fixed..
> Comment / review / push appreciated..
The code looks okay, but I'd prefer an option that better represents
the changed behaviour, e.g. "acl allow execute always" or similar.
More information about the samba-technical