[Samba] icacls 'DENY' and Unix user execute bit
Ken Bass
kbass at kenbass.com
Fri Nov 19 21:44:13 UTC 2021
I am in some unfamiliar territory here and trying to troubleshoot why I
am getting access denied. Maybe someone can provide some pointers or
suggestions.
I am sharing via a Samba share.
If the file is created on Windows, I see the following:
    icacls test.txt
    test.txt Everyone:
             MYDOM\user:(I)(F)
             MYDOM\Group:(I)(F)
Under Linux the file permissions show as:
'-rwxrw----'
I can access the file no problem from either Linux or Windows.
If under Linux (Ubuntu - mounting the share via cifs),
I remove the user's execute bit via 'chmod u-x test.txt',
I see the following:
    icacls test.txt
    test.txt MYDOM\user:(DENY)(D,WDAC,WO,WEA,X,WA)
             MYDOM\user:(R,W,D,WDAC,WO,DC)
             MYDOM\Group:(F)
             Everyone:(DC)
And now under Windows I can no longer write to the file.
I do not understand how the execute bit maps to this whole 'DENY'
concept. I thought the execute bit mapped to some Windows 'archive' flag.
On Linux, the share is mounted using CIFS (mount.cifs). I wonder if this
is a CIFS problem. My system previously was all running CentOS 7 and all
of this worked. Now that I am running Ubuntu 20.04 LTS it has this issue.
The reason all this is a problem is that a Linux application opens the
file and when it writes/closes the file, the user execute bit gets removed.