[Samba] ACL execute bits always set

Juraj Hrubša jurino at gmail.com
Tue Nov 18 08:14:07 GMT 2008 

Hello

I have a problem with POSIX ACLs. I have created a directory with these
ACLs:

> getfacl .
# file: .
# owner: testuser
# group: tls
user::rwx
group::rwx
group:ptls:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:tls:rwx
default:group:ptls:r-x
default:mask::rwx
default:other::---


When I create a file in it, it inherits the containing directory's default
ACLs and it's ACL mask is set to rw- (for directory it would be rwx), which
essentialy marks it not executable.

> touch test
# getfacl test
# file: test
# owner: root
# group: root
user::rw-
group::rwx            #effective:rw-
group:tls:rwx            #effective:rw-
group:ptls:r-x            #effective:r--
mask::rw-
other::---


The problem arises when I create another file from a Windows machine on the
network drive which points to the same directory. The mask stays rwx as for
directory and file is executable.

> getfacl test.txt          ### Empty text file created in Windows
# file: test.txt
# owner: hrubsa
# group: hrubsa
user::rwx
group::rwx
group:tls:rwx
group:ptls:r-x
mask::rwx
other::---


Relevant part of smb.conf:
    read only = No
    create mask = 0666
    security mask = 0666
    inherit acls = Yes
    map acl inherit = Yes
    map archive = No
    map readonly = no
    store dos attributes = Yes
    wide links = No


After setting inherit acls = No, the create/security mask were applied to
standard unix permissions, but not on ACL entries.

> getfacl test2.txt
# file: test2.txt
# owner: hrubsa
# group: hrubsa
user::rw-
group::rw-
group:tls:rwx
group:ptls:r-x
mask::rwx
other::rw-


The problem is I need to share this directory through samba and use it on
Debian Linux at the same time, I don't want all files created in Windows to
be executable in Linux. Maybe I'm blind and I don't see the way to configure
it, maybe it has to be changed in samba source to allow this behavior
(setting mode when creating new files?).

What do you think?

Thank you for your answers

-- 

Regards
Juraj Hrubsa

More information about the samba mailing list