[Samba] Samba-created files with POSIX ACLs gaining execute bit

Tue Dec 18 08:28:10 UTC 2018

These are the latests.. And the Why, Andrew already explain. 
Due to the mappings with windows acls. 

If the exec bit is missing, no windows programm will be allowed to start of a share. 
If i download an msi file to install and put it on a share, its not allowed to execute it. 
Which is exact what i want in my case. 

You might want to read
https://www.snia.org/sites/default/files/SDC/2016/presentations/smb/Jeremy_Allison_SMB3_and_Linux_A_Seamless_File_Sharing_Protocol.pdf
https://sambaxp.org/archive_data/media/05-Andreas-Gruenbacher_-_Linux_Samba_and_ACLs.pdf 

These might help you a bit in understanding that what you want is not always possible..

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: christian russell [mailto:christian.baltini at gmail.com] 
> Verzonden: dinsdag 18 december 2018 9:02
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs 
> gaining execute bit
> 
> Hi Louis,
> 
> Those were the docs I initially followed.  I don’t see any 
> mention in them as to why one would expect unusual (in Unix 
> terms) execute permission values.
> 
> If anybody could point me towards documentation of the 
> expected permission behavior (esp. with POSIX ACLs) of modern 
> Samba I would greatly appreciate it.
> 
> Christian
> 
> > On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba 
> <samba at lists.samba.org> wrote:
> > 
> > 
> > Hai, 
> > 
> > The docs shown are a bit old, yes, i suggest start reading these. 
> > 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wind
> ows_ACLs 
> > 
> > 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs 
> > 
> > Look at the smb.conf man and search for acl ( or exec ) 
> > 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> >> christian russell via samba
> >> Verzonden: dinsdag 18 december 2018 4:59
> >> Aan: Andrew Bartlett
> >> CC: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs 
> >> gaining execute bit
> >> 
> >> I figured something as much but all the docs I found pointed 
> >> to the archive, hidden, and readonly attributes touching the 
> >> execute bits (see here, for example: 
> >> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2-
> >> CHP-8-FIG-2 
> >> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2
> >> -CHP-8-FIG-2>).  That’s why I disabled those mappings in my 
> >> smb.conf.  Granted the docs I found were older — is this 
> >> handled differently nowadays?
> >> 
> >> In any event is there some way to prevent this behavior so I 
> >> get sane permissions within the *nix environment?
> >> 
> >> Thanks very much for your response.
> >> 
> >> Christian
> >> 
> >>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett 
> >> <abartlet at samba.org> wrote:
> >>> 
> >>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via 
> >> samba wrote:
> >>>> Hi all,
> >>>> 
> >>>> I have a Samba share set up using POSIX ACLs as the 
> >> permissions backend.  I am seeing an issue where files 
> >> created via the Samba get execute permissions whereas files 
> >> created via shell do not.  
> >>> 
> >>> Samba maps the windows execute permission to the posix 
> one, which is
> >>> why this happens.
> >>> 
> >>> Andrew Bartlett
> >>> 
> >>> -- 
> >>> Andrew Bartlett
> >>> https://samba.org/~abartlet/
> >>> Authentication Developer, Samba Team         https://samba.org
> >>> Samba Development and Support, Catalyst IT   
> >>> https://catalyst.net.nz/services/samba
> >>> 
> >>> 
> >>> 
> >>> 
> >> 
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >> 
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 