[Samba] execute permissions missing after upgrade to Samba 4

Andrew Bartlett abartlet at samba.org
Sun Oct 13 22:46:15 MDT 2013 

On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik wrote:
> After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 ->
>  Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows
> client can not run executable files due to insufficient permissions.
> However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit
> for these files, all is fine and windows client can run their.
> It seems for me as samba4 (contrary to samba3) now check x bit for
> some 'Read-And-Execute' (or how are executables called from windows)
> and deny access although client has all other rights (read and write)
> to this .exe file.
> Data are stored on ext4 volume which is mounted with 'user_xattr acl'
> option. My smb.conf look as (some IMO unimportant items omitted from
> 'testparm -s' output):
> 
> [global]
>         logon script = %m.bat
>         logon path =
>         domain logons = Yes
>         os level = 63
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         idmap config * : backend = tdb
>         ea support = Yes
>         map archive = No
>         map readonly = no
>         store dos attributes = Yes
> 
> [info]
>         comment = Data info
>         path = /home/DATA/info
>         read list = @info
>         write list = @info
>         force group = info
>         create mask = 0770
>         directory mask = 0771
>         force create mode = 0660
>         force directory mode = 02770
> -----------------
> 
> How is possible solve this issue? Win client self did not set x bit
> on executables (e.g. when I from windows client extract ZIP archive
> with executables, they have no x-bit set). Should Samba4 itself set
> 'Read-And-Execute' rights, either by settin x bit or by setting these
> rights in extended attributes?

See the new parameter in Samba 4.0.10 'acl allow execute always'

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

More information about the samba mailing list