[Samba] icacls 'DENY' and Unix user execute bit

Michael Evans michael.evans at nor-consult.com
Mon Nov 22 02:19:53 UTC 2021


> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Ken
> Bass via samba
> Sent: Sunday, November 21, 2021 11:14 AM
> To: samba at lists.samba.org
> Subject: Re: [Samba] icacls 'DENY' and Unix user execute bit
> 
> On 11/21/21 1:51 PM, Rowland Penny via samba wrote:
> >
> > If you are mounting a share using mount.cifs, then you are not using
> > Samba. If the mount is changing the permissions, you need to read 'man
> > mount.cifs'. If another program is changing the permissions, then you
> > need to ask that programs developers, just why it does this.
> >
> > Rowland
> 
> So how does one access a share under Linux without using CIFS? Am I
> missing something? Is there some other method?
> 

You could try setting up NFSv4 or NFSv3 for unix-like to unix-like file
sharing.  NFS doesn't include authentication nor authorization other than
matching IP addresses, so you might improve security by using a VPN tunnel
and thus enforcing machine to machine client ID based on cryptographic
identity.

It looks like Kerberos based (gss?) authentication can also be used to
protect an NFS share. mount -o vers=4,sec=krb5  You should really read the
manual pages and evaluate a security mechanism that works for your needs.

If you don't frequently modify files sshfs (fuse) might also be an option,
particularly with key-based authentication.




More information about the samba mailing list