samba - Oct 2013 - execute permissions missing after upgrade to Samba 4

After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 ->
 Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows
client can not run executable files due to insufficient permissions.
However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit
for these files, all is fine and windows client can run their.
It seems for me as samba4 (contrary to samba3) now check x bit for
some 'Read-And-Execute' (or how are executables called from windows)
and deny access although client has all other rights (read and write)
to this .exe file.
Data are stored on ext4 volume which is mounted with 'user_xattr acl'
option. My smb.conf look as (some IMO unimportant items omitted from
'testparm -s' output):

[global]
        logon script = %m.bat
        logon path         domain logons = Yes
        os level = 63
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb
        ea support = Yes
        map archive = No
        map readonly = no
        store dos attributes = Yes

[info]
        comment = Data info
        path = /home/DATA/info
        read list = @info
        write list = @info
        force group = info
        create mask = 0770
        directory mask = 0771
        force create mode = 0660
        force directory mode = 02770
-----------------

How is possible solve this issue? Win client self did not set x bit
on executables (e.g. when I from windows client extract ZIP archive
with executables, they have no x-bit set). Should Samba4 itself set
'Read-And-Execute' rights, either by settin x bit or by setting these
rights in extended attributes?

Thank in advance, Franta Hanzlik

On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik
wrote:
> After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 ->
>  Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows
> client can not run executable files due to insufficient permissions.
> However, when I in Linux set (with 'chmod u+x,g+x ...') execution
bit
> for these files, all is fine and windows client can run their.
> It seems for me as samba4 (contrary to samba3) now check x bit for
> some 'Read-And-Execute' (or how are executables called from
windows)
> and deny access although client has all other rights (read and write)
> to this .exe file.
> Data are stored on ext4 volume which is mounted with 'user_xattr
acl'
> option. My smb.conf look as (some IMO unimportant items omitted from
> 'testparm -s' output):
> 
> [global]
>         logon script = %m.bat
>         logon path >         domain logons = Yes
>         os level = 63
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         idmap config * : backend = tdb
>         ea support = Yes
>         map archive = No
>         map readonly = no
>         store dos attributes = Yes
> 
> [info]
>         comment = Data info
>         path = /home/DATA/info
>         read list = @info
>         write list = @info
>         force group = info
>         create mask = 0770
>         directory mask = 0771
>         force create mode = 0660
>         force directory mode = 02770
> -----------------
> 
> How is possible solve this issue? Win client self did not set x bit
> on executables (e.g. when I from windows client extract ZIP archive
> with executables, they have no x-bit set). Should Samba4 itself set
> 'Read-And-Execute' rights, either by settin x bit or by setting
these
> rights in extended attributes?
See the new parameter in Samba 4.0.10 'acl allow execute always'

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz