[Samba] icacls 'DENY' and Unix user execute bit

Ken Bass kbass at kenbass.com
Fri Nov 19 21:44:13 UTC 2021

I am in some unfamiliar territory here and trying to troubleshoot why I 
am getting access denied. Maybe someone can provide some pointers or 

I am sharing via a samba share.

If the file is created on Windows, I see the following:

icacls test.txt

test.txt Everyone:

Under Linux the file permissions show as:

I can access the file no problem from either Linux or Windows.

If under Linux (Ubuntu - mounting the share via cifs),
I remove the users execute bit via 'chmod u-x test.txt',

I see the following:

icacls test.txt

test.txt MYDOM\user:(DENY)(D,WDAC,WO,WEA,X,WA)

And now under Windows I can no longer write to the file.

I do not understand how the execute bit maps to this whole 'DENY' 
concept. I thought the execute bit mapped to some Windows 'archive' flag.

On Linux, the share is mounted using CIFS (mount.cifs). I wonder if this 
is a CIFS problem. My system previously was all running Centos 7 and all 
of this worked. Now that I am running Ubuntu 20.04 LTS it has this issue.

The reason all this is a problem, is that a Linux application opens the 
file and when it writes/closes the file, the user execute bit gets removed.

More information about the samba mailing list