[Samba] Samba and POSIX ACLs

Sergei Gerasenko gerases at gmail.com
Fri Aug 12 16:20:47 UTC 2016


It looks like this is a long known issue:

https://bugzilla.samba.org/show_bug.cgi?id=10792


On Fri, Aug 12, 2016 at 10:30 AM, Sergei Gerasenko <gerases at gmail.com>
wrote:

> Hi everybody,
>
> I know this has been discussed ad nauseam, but I can't find an answer to my
> question precisely.
>
> My version of samba is 4.2.10.
>
> Here's my question. I have POSIX ACLs set on a directory like this:
>
> # file: .
> # owner: root
> # group: admin
> # flags: -s-
> user::rwx
> user:apache:rwx
> group::rwx
> group:admin:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:apache:rwx
> default:group::rwx
> default:group:admin:rwx
> default:mask::rwx
> default:other::---
>
> When I create a file in that directory with the touch command on linux, I
> get:
>
> -rw-rw----+ 1 my_user_name admin 0 Aug 12 11:17 new
>
> ... which is what I want -- no exec bit set anywhere on the file itself
> (though I do want it on a directory).
>
> But when I create it through Samba, I get:
>
> -rw-rwx---+ 1 my_user_name admin 0 Aug 12 11:07 new
>
> I know that the ACL mask defines the maximum permissions and so since
> touch uses the 0666 create mode, the exec bit is not set. So far so good.
>
> Now to samba. The share has these controls:
>
> ...
> create mask = 0664
> ...
>
> When stracing the samba process, I see that 0664 is specified in the open
> system call, but following that, setxattr is called (not sure by samba or
> some kernel process), which must be setting the exec bit on the group?
>
> ...
> 96012 open("new", O_RDWR|O_CREAT|O_EXCL, 0664) = 40
> 96012 setxattr("New Text Document.txt", "system.posix_acl_access",
> LONG_HEX_STRING_HERE, 52, 0) = 0
> ...
>
>
> My question finally is: how do I make sure the exec bit on the group is
> *not* set?
>
> Thanks,
>   Sergei
>
>
>
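
The permission arithmetic behind the two listings in the message above, as an added example (not part of the original post, and not Samba or kernel code). It models how Linux derives a new file's access ACL from the directory's default ACL and the create mode; the helper names are hypothetical, and the mask value written by the setxattr call is an assumption, since the post elides the xattr contents.

```python
# Added example: model of POSIX ACL inheritance at file creation on Linux.
PERM = {"r": 4, "w": 2, "x": 1}

def bits(s):
    return sum(PERM[c] for c in s if c in PERM)

def rwx(n):
    return "".join(c if n & PERM[c] else "-" for c in "rwx")

# Default ACL entries copied from the getfacl output in the post.
DEFAULT_ACL = {
    "user::": bits("rwx"), "user:apache": bits("rwx"),
    "group::": bits("rwx"), "group:admin": bits("rwx"),
    "mask::": bits("rwx"), "other::": bits("---"),
}

def inherit(default_acl, create_mode):
    """Access ACL of a new file: the directory's default ACL with the owner,
    mask and other entries ANDed with the create mode. The umask is not
    applied when the parent directory has a default ACL."""
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    if "mask::" in acl:
        acl["mask::"] &= (create_mode >> 3) & 7  # group class is capped via the mask
    else:
        acl["group::"] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    return acl

def set_acl(acl, changes):
    """Explicit ACL write (what setxattr on system.posix_acl_access does):
    entries are stored as given, the create mode no longer caps them."""
    return {**acl, **changes}

def ls_mode(acl):
    """Mode string as ls prints it; the group column shows the mask if present."""
    group = acl.get("mask::", acl["group::"])
    return "-" + rwx(acl["user::"]) + rwx(group) + rwx(acl["other::"]) + "+"

def effective(acl, entry):
    """Effective rights of a named or owning-group entry: entry AND mask."""
    return rwx(acl[entry] & acl.get("mask::", 7))

if __name__ == "__main__":
    touched = inherit(DEFAULT_ACL, 0o666)   # touch
    opened = inherit(DEFAULT_ACL, 0o664)    # open(..., 0664) from the strace
    # ASSUMPTION: the ACL written by the setxattr call carries mask::rwx.
    rewritten = set_acl(opened, {"mask::": bits("rwx")})
    for name, acl in [("touch", touched), ("open 0664", opened), ("after setxattr", rewritten)]:
        print(f"{name:15} {ls_mode(acl)}  group:admin effective {effective(acl, 'group:admin')}")
```

In this model the open with 0664 alone gives the same mode string as touch; the group exec bit appears only once an ACL with a wider mask is written explicitly afterwards.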

