[Samba] ACL defaults and masks

Andrew Bartlett abartlet at samba.org
Fri May 3 14:41:47 MDT 2013

On Tue, 2013-04-30 at 15:56 +0400, Александр Свиридов wrote:
>  Hello!
> In samba 3 we used create mask , force create..   to set file
> permisions. In samba 4 as I understand those options are  ignored and
> default acls are used instead. But, is it possible to set  by default
> different permisions on files and folders?  For example   on folders
> rwx, and on files rw-. Because I dont want to give x  permision to
> file as I think it can be dangerous. Thanks in advance.

These options are not ignored, but you can set an inheriting ACL if you
are using ACLs on that directory. 

Earlier Samba 4.0.x versions did incorrectly force these parameters, and
we made a security release and issued instructions on fixing the
permissions so incorrectly generated:


In terms of unix security, it is not a risk to have all files marked
execute, it may not look 'right', but any script can just be run with
it's interpreter, and any binary can be run with ld-*.so

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list