[Samba] icacls 'DENY' and Unix user execute bit

Michael Evans michael.evans at nor-consult.com
Mon Nov 22 02:19:53 UTC 2021

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Ken
> Bass via samba
> Sent: Sunday, November 21, 2021 11:14 AM
> To: samba at lists.samba.org
> Subject: Re: [Samba] icacls 'DENY' and Unix user execute bit
> On 11/21/21 1:51 PM, Rowland Penny via samba wrote:
> >
> > If you are mounting a share using mount.cifs, then you are not using
> > Samba. If the mount is changing the permissions, you need to read 'man
> > mount.cifs'. If another program is changing the permissions, then you
> > need to ask that programs developers, just why it does this.
> >
> > Rowland
> So how does one access a share under Linux without using CIFS? Am I
> missing something? Is there some other method?

You could try setting up NFSv4 or NFSv3 for unix-like to unix-like file
sharing.  NFS doesn't include authentication nor authorization other than
matching IP addresses, so you might improve security by using a VPN tunnel
and thus enforcing machine to machine client ID based on cryptographic

It looks like Kerberos based (gss?) authentication can also be used to
protect an NFS share. mount -o vers=4,sec=krb5  You should really read the
manual pages and evaluate a security mechanism that works for your needs.

If you don't frequently modify files sshfs (fuse) might also be an option,
particularly with key-based authentication.

More information about the samba mailing list