[Samba] execute permissions missing after upgrade to Samba 4

Frantisek Hanzlik franta at hanzlici.cz
Mon Oct 14 00:43:30 MDT 2013 

Andrew Bartlett wrote:
> On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik wrote:
>> After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 ->
>>  Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows
>> client can not run executable files due to insufficient permissions.
>> However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit
>> for these files, all is fine and windows client can run their.
>> It seems for me as samba4 (contrary to samba3) now check x bit for
>> some 'Read-And-Execute' (or how are executables called from windows)
>> and deny access although client has all other rights (read and write)
>> to this .exe file.
>> Data are stored on ext4 volume which is mounted with 'user_xattr acl'
>> option. My smb.conf look as (some IMO unimportant items omitted from
>> 'testparm -s' output):
>>
>> [global]
>>         logon script = %m.bat
>>         logon path =
>>         domain logons = Yes
>>         os level = 63
>>         preferred master = Yes
>>         domain master = Yes
>>         wins support = Yes
>>         idmap config * : backend = tdb
>>         ea support = Yes
>>         map archive = No
>>         map readonly = no
>>         store dos attributes = Yes
>>
>> [info]
>>         comment = Data info
>>         path = /home/DATA/info
>>         read list = @info
>>         write list = @info
>>         force group = info
>>         create mask = 0770
>>         directory mask = 0771
>>         force create mode = 0660
>>         force directory mode = 02770
>> -----------------
>>
>> How is possible solve this issue? Win client self did not set x bit
>> on executables (e.g. when I from windows client extract ZIP archive
>> with executables, they have no x-bit set). Should Samba4 itself set
>> 'Read-And-Execute' rights, either by settin x bit or by setting these
>> rights in extended attributes?
> 
> See the new parameter in Samba 4.0.10 'acl allow execute always'
> 
> Andrew Bartlett

Andrew, thanks for help. Unfortunately, my distro (Fedora 19) still not
has Samba 4.0.10 by that time, and maybe in older, still active, Fedora
18 this version will never be. Please is this problem solvable on Samba4
prior v4.0.10?
One solution which invades me is "force create mode = 0770" (no Linux
user/program access files on these shares), but from Linux view, x bit
on data files looks terribly :)
Thanks, Franta Hanzlik

More information about the samba mailing list