[Samba] Samba-created files with POSIX ACLs gaining execute bit
christian russell
christian.baltini at gmail.com
Thu Dec 20 03:32:43 UTC 2018
Hi all,
The part that I don’t understand is why the behavior is different when there are ACLs involved.
Take the below example:
# This share is chmod 777,
[share1]
path = /srv/share1 # mode is 0777, no ACLs
readonly = no
create mask = 0660
[share2]
path = /srv/share2 # mode is 0770, ACLs
readonly = no
inherit acts = yes
create mask = 0660
share1 acts exactly as expected — I get a 0660 permissions.
[root at samba share1]# pwd && ls -l
/srv/share1
total 0
-rw-rw---- 1 christian root 0 Dec 19 19:17 file
share2, gets 0770 permissions only because there are ACLs applied on the file.
[root at samba share2]# pwd && ls -l
/srv/share2
total 0
-rwxrwx---+ 1 christian root 0 Dec 19 19:17 file
I don’t understand how the execute bit is necessary to map functionality when ACLs are present and not when using traditional Unix permissions — if anything the reverse makes more sense.
This bug report appears to identify exactly where in the code the phenomenon arises from: https://bugzilla.samba.org/show_bug.cgi?id=12716 <https://bugzilla.samba.org/show_bug.cgi?id=12716>
If this is in fact expected behavior it would be good to document as there seems to be a decent amount of confusing resulting.
Christian
> On Dec 18, 2018, at 12:28 AM, L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
>
> These are the latests.. And the Why, Andrew already explain.
> Due to the mappings with windows acls.
>
> If the exec bit is missing, no windows programm will be allowed to start of a share.
> If i download an msi file to install and put it on a share, its not allowed to execute it.
> Which is exact what i want in my case.
>
> You might want to read
> https://www.snia.org/sites/default/files/SDC/2016/presentations/smb/Jeremy_Allison_SMB3_and_Linux_A_Seamless_File_Sharing_Protocol.pdf
> https://sambaxp.org/archive_data/media/05-Andreas-Gruenbacher_-_Linux_Samba_and_ACLs.pdf
>
> These might help you a bit in understanding that what you want is not always possible..
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: christian russell [mailto:christian.baltini at gmail.com]
>> Verzonden: dinsdag 18 december 2018 9:02
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs
>> gaining execute bit
>>
>> Hi Louis,
>>
>> Those were the docs I initially followed. I don’t see any
>> mention in them as to why one would expect unusual (in Unix
>> terms) execute permission values.
>>
>> If anybody could point me towards documentation of the
>> expected permission behavior (esp. with POSIX ACLs) of modern
>> Samba I would greatly appreciate it.
>>
>> Christian
>>
>>> On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba
>> <samba at lists.samba.org> wrote:
>>>
>>>
>>> Hai,
>>>
>>> The docs shown are a bit old, yes, i suggest start reading these.
>>>
>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wind
>> ows_ACLs
>>>
>>>
>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs
>>>
>>> Look at the smb.conf man and search for acl ( or exec )
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>>> christian russell via samba
>>>> Verzonden: dinsdag 18 december 2018 4:59
>>>> Aan: Andrew Bartlett
>>>> CC: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs
>>>> gaining execute bit
>>>>
>>>> I figured something as much but all the docs I found pointed
>>>> to the archive, hidden, and readonly attributes touching the
>>>> execute bits (see here, for example:
>>>> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2-
>>>> CHP-8-FIG-2
>>>> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2
>>>> -CHP-8-FIG-2>). That’s why I disabled those mappings in my
>>>> smb.conf. Granted the docs I found were older — is this
>>>> handled differently nowadays?
>>>>
>>>> In any event is there some way to prevent this behavior so I
>>>> get sane permissions within the *nix environment?
>>>>
>>>> Thanks very much for your response.
>>>>
>>>> Christian
>>>>
>>>>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett
>>>> <abartlet at samba.org> wrote:
>>>>>
>>>>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via
>>>> samba wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I have a Samba share set up using POSIX ACLs as the
>>>> permissions backend. I am seeing an issue where files
>>>> created via the Samba get execute permissions whereas files
>>>> created via shell do not.
>>>>>
>>>>> Samba maps the windows execute permission to the posix
>> one, which is
>>>>> why this happens.
>>>>>
>>>>> Andrew Bartlett
>>>>>
>>>>> --
>>>>> Andrew Bartlett
>>>>> https://samba.org/~abartlet/
>>>>> Authentication Developer, Samba Team https://samba.org
>>>>> Samba Development and Support, Catalyst IT
>>>>> https://catalyst.net.nz/services/samba
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list