[Samba] ACL defaults and masks
Andrew Bartlett
abartlet at samba.org
Fri May 3 14:41:47 MDT 2013
On Tue, 2013-04-30 at 15:56 +0400, Александр Свиридов wrote:
> Hello!
>
> In samba 3 we used create mask , force create.. to set file
> permisions. In samba 4 as I understand those options are ignored and
> default acls are used instead. But, is it possible to set by default
> different permisions on files and folders? For example on folders
> rwx, and on files rw-. Because I dont want to give x permision to
> file as I think it can be dangerous. Thanks in advance.
These options are not ignored, but you can set an inheriting ACL if you
are using ACLs on that directory.
Earlier Samba 4.0.x versions did incorrectly force these parameters, and
we made a security release and issued instructions on fixing the
permissions so incorrectly generated:
https://www.samba.org/samba/security/CVE-2013-1863
In terms of unix security, it is not a risk to have all files marked
execute, it may not look 'right', but any script can just be run with
it's interpreter, and any binary can be run with ld-*.so
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list