[Samba] icacls 'DENY' and Unix user execute bit
Ken Bass
kbass at kenbass.com
Sun Nov 21 17:32:13 UTC 2021
On 11/20/21 4:25 AM, Rowland Penny via samba wrote:
> On Fri, 2021-11-19 at 19:00 -0500, Ken Bass via samba wrote:
>>>
>> Hi Rowland,
>>
>> On the SERVER side:
>>
>> -rwxrwx---+ 1 user testshare users 16 Nov 19 16:11 test.txt
> Yes, you are using ACL's, note the '+' at the end of the Unix
> permissions.
>
> What does 'getfacl test.txt' produce ?
>
>> On the CLIENT side, where this share is mounted via cifs in
>> /etc/fstab
>>
>> -rwxrw---- 1 user testshare users 16 Nov 19 16:11 test.txt
> However, the cifs mounted share doesn't seem to be using using ACL's
Looking further... I see via /proc/mounts that mount.cifs inserts
'nounix' into the mount options.
According to manpage
noposix|nounix|nolinux
Disable the Unix Extensions for this mount. This can be
useful in order to turn off multiple settings at once. This includes
POSIX acls, POSIX locks, POSIX
paths, symlink support and retrieving uids/gids/mode from
the server. This can also be useful to work around a bug in a server
that supports Unix Extensions.
So does this explain why there are no ACLs showing up on the client side
(no + sign in the ls -la)? And trying to enable it... 'VFS: Server does
not support mounting with posix SMB3.11 extensions'
Other than using SMB1, how are these ACL's showing up correctly for
other people?
(I am using Version 4.13.14-Ubuntu everywhere - clients, servers, and AD)
More information about the samba
mailing list