[Samba] Samba-created files with POSIX ACLs gaining execute bit
L.P.H. van Belle
belle at bazuin.nl
Tue Dec 18 08:28:10 UTC 2018
These are the latests.. And the Why, Andrew already explain.
Due to the mappings with windows acls.
If the exec bit is missing, no windows programm will be allowed to start of a share.
If i download an msi file to install and put it on a share, its not allowed to execute it.
Which is exact what i want in my case.
You might want to read
https://www.snia.org/sites/default/files/SDC/2016/presentations/smb/Jeremy_Allison_SMB3_and_Linux_A_Seamless_File_Sharing_Protocol.pdf
https://sambaxp.org/archive_data/media/05-Andreas-Gruenbacher_-_Linux_Samba_and_ACLs.pdf
These might help you a bit in understanding that what you want is not always possible..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: christian russell [mailto:christian.baltini at gmail.com]
> Verzonden: dinsdag 18 december 2018 9:02
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs
> gaining execute bit
>
> Hi Louis,
>
> Those were the docs I initially followed. I don’t see any
> mention in them as to why one would expect unusual (in Unix
> terms) execute permission values.
>
> If anybody could point me towards documentation of the
> expected permission behavior (esp. with POSIX ACLs) of modern
> Samba I would greatly appreciate it.
>
> Christian
>
> > On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba
> <samba at lists.samba.org> wrote:
> >
> >
> > Hai,
> >
> > The docs shown are a bit old, yes, i suggest start reading these.
> >
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wind
> ows_ACLs
> >
> >
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs
> >
> > Look at the smb.conf man and search for acl ( or exec )
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> christian russell via samba
> >> Verzonden: dinsdag 18 december 2018 4:59
> >> Aan: Andrew Bartlett
> >> CC: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs
> >> gaining execute bit
> >>
> >> I figured something as much but all the docs I found pointed
> >> to the archive, hidden, and readonly attributes touching the
> >> execute bits (see here, for example:
> >> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2-
> >> CHP-8-FIG-2
> >> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2
> >> -CHP-8-FIG-2>). That’s why I disabled those mappings in my
> >> smb.conf. Granted the docs I found were older — is this
> >> handled differently nowadays?
> >>
> >> In any event is there some way to prevent this behavior so I
> >> get sane permissions within the *nix environment?
> >>
> >> Thanks very much for your response.
> >>
> >> Christian
> >>
> >>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett
> >> <abartlet at samba.org> wrote:
> >>>
> >>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via
> >> samba wrote:
> >>>> Hi all,
> >>>>
> >>>> I have a Samba share set up using POSIX ACLs as the
> >> permissions backend. I am seeing an issue where files
> >> created via the Samba get execute permissions whereas files
> >> created via shell do not.
> >>>
> >>> Samba maps the windows execute permission to the posix
> one, which is
> >>> why this happens.
> >>>
> >>> Andrew Bartlett
> >>>
> >>> --
> >>> Andrew Bartlett
> >>> https://samba.org/~abartlet/
> >>> Authentication Developer, Samba Team https://samba.org
> >>> Samba Development and Support, Catalyst IT
> >>> https://catalyst.net.nz/services/samba
> >>>
> >>>
> >>>
> >>>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list