L.P.H. van Belle
2018-Dec-18 07:47 UTC
[Samba] Samba-created files with POSIX ACLs gaining execute bit
Hai, The docs shown are a bit old, yes, i suggest start reading these. https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs Look at the smb.conf man and search for acl ( or exec ) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > christian russell via samba > Verzonden: dinsdag 18 december 2018 4:59 > Aan: Andrew Bartlett > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs > gaining execute bit > > I figured something as much but all the docs I found pointed > to the archive, hidden, and readonly attributes touching the > execute bits (see here, for example: > https://www.samba.org/samba/docs/using_samba/ch08.html#samba2- > CHP-8-FIG-2 > <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2 > -CHP-8-FIG-2>). That’s why I disabled those mappings in my > smb.conf. Granted the docs I found were older — is this > handled differently nowadays? > > In any event is there some way to prevent this behavior so I > get sane permissions within the *nix environment? > > Thanks very much for your response. > > Christian > > > On Dec 17, 2018, at 7:02 PM, Andrew Bartlett > <abartlet at samba.org> wrote: > > > > On Mon, 2018-12-17 at 18:56 -0800, christian russell via > samba wrote: > >> Hi all, > >> > >> I have a Samba share set up using POSIX ACLs as the > permissions backend. I am seeing an issue where files > created via the Samba get execute permissions whereas files > created via shell do not. > > > > Samba maps the windows execute permission to the posix one, which is > > why this happens. > > > > Andrew Bartlett > > > > -- > > Andrew Bartlett > > https://samba.org/~abartlet/ > > Authentication Developer, Samba Team https://samba.org > > Samba Development and Support, Catalyst IT > > https://catalyst.net.nz/services/samba > > > > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
christian russell
2018-Dec-18 08:02 UTC
[Samba] Samba-created files with POSIX ACLs gaining execute bit
Hi Louis, Those were the docs I initially followed. I don’t see any mention in them as to why one would expect unusual (in Unix terms) execute permission values. If anybody could point me towards documentation of the expected permission behavior (esp. with POSIX ACLs) of modern Samba I would greatly appreciate it. Christian> On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba <samba at lists.samba.org> wrote: > > > Hai, > > The docs shown are a bit old, yes, i suggest start reading these. > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs > > Look at the smb.conf man and search for acl ( or exec ) > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> christian russell via samba >> Verzonden: dinsdag 18 december 2018 4:59 >> Aan: Andrew Bartlett >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs >> gaining execute bit >> >> I figured something as much but all the docs I found pointed >> to the archive, hidden, and readonly attributes touching the >> execute bits (see here, for example: >> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2- >> CHP-8-FIG-2 >> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2 >> -CHP-8-FIG-2>). That’s why I disabled those mappings in my >> smb.conf. Granted the docs I found were older — is this >> handled differently nowadays? >> >> In any event is there some way to prevent this behavior so I >> get sane permissions within the *nix environment? >> >> Thanks very much for your response. >> >> Christian >> >>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett >> <abartlet at samba.org> wrote: >>> >>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via >> samba wrote: >>>> Hi all, >>>> >>>> I have a Samba share set up using POSIX ACLs as the >> permissions backend. I am seeing an issue where files >> created via the Samba get execute permissions whereas files >> created via shell do not. >>> >>> Samba maps the windows execute permission to the posix one, which is >>> why this happens. >>> >>> Andrew Bartlett >>> >>> -- >>> Andrew Bartlett >>> https://samba.org/~abartlet/ >>> Authentication Developer, Samba Team https://samba.org >>> Samba Development and Support, Catalyst IT >>> https://catalyst.net.nz/services/samba >>> >>> >>> >>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
2018-Dec-18 08:28 UTC
[Samba] Samba-created files with POSIX ACLs gaining execute bit
These are the latests.. And the Why, Andrew already explain. Due to the mappings with windows acls. If the exec bit is missing, no windows programm will be allowed to start of a share. If i download an msi file to install and put it on a share, its not allowed to execute it. Which is exact what i want in my case. You might want to read https://www.snia.org/sites/default/files/SDC/2016/presentations/smb/Jeremy_Allison_SMB3_and_Linux_A_Seamless_File_Sharing_Protocol.pdf https://sambaxp.org/archive_data/media/05-Andreas-Gruenbacher_-_Linux_Samba_and_ACLs.pdf These might help you a bit in understanding that what you want is not always possible.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: christian russell [mailto:christian.baltini at gmail.com] > Verzonden: dinsdag 18 december 2018 9:02 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs > gaining execute bit > > Hi Louis, > > Those were the docs I initially followed. I don’t see any > mention in them as to why one would expect unusual (in Unix > terms) execute permission values. > > If anybody could point me towards documentation of the > expected permission behavior (esp. with POSIX ACLs) of modern > Samba I would greatly appreciate it. > > Christian > > > On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba > <samba at lists.samba.org> wrote: > > > > > > Hai, > > > > The docs shown are a bit old, yes, i suggest start reading these. > > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wind > ows_ACLs > > > > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs > > > > Look at the smb.conf man and search for acl ( or exec ) > > > > > > Greetz, > > > > Louis > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens > >> christian russell via samba > >> Verzonden: dinsdag 18 december 2018 4:59 > >> Aan: Andrew Bartlett > >> CC: samba at lists.samba.org > >> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs > >> gaining execute bit > >> > >> I figured something as much but all the docs I found pointed > >> to the archive, hidden, and readonly attributes touching the > >> execute bits (see here, for example: > >> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2- > >> CHP-8-FIG-2 > >> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2 > >> -CHP-8-FIG-2>). That’s why I disabled those mappings in my > >> smb.conf. Granted the docs I found were older — is this > >> handled differently nowadays? > >> > >> In any event is there some way to prevent this behavior so I > >> get sane permissions within the *nix environment? > >> > >> Thanks very much for your response. > >> > >> Christian > >> > >>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett > >> <abartlet at samba.org> wrote: > >>> > >>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via > >> samba wrote: > >>>> Hi all, > >>>> > >>>> I have a Samba share set up using POSIX ACLs as the > >> permissions backend. I am seeing an issue where files > >> created via the Samba get execute permissions whereas files > >> created via shell do not. > >>> > >>> Samba maps the windows execute permission to the posix > one, which is > >>> why this happens. > >>> > >>> Andrew Bartlett > >>> > >>> -- > >>> Andrew Bartlett > >>> https://samba.org/~abartlet/ > >>> Authentication Developer, Samba Team https://samba.org > >>> Samba Development and Support, Catalyst IT > >>> https://catalyst.net.nz/services/samba > >>> > >>> > >>> > >>> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > >> > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > >
christian russell
2018-Dec-20 03:32 UTC
[Samba] Samba-created files with POSIX ACLs gaining execute bit
Hi all, The part that I don’t understand is why the behavior is different when there are ACLs involved. Take the below example: # This share is chmod 777, [share1] path = /srv/share1 # mode is 0777, no ACLs readonly = no create mask = 0660 [share2] path = /srv/share2 # mode is 0770, ACLs readonly = no inherit acts = yes create mask = 0660 share1 acts exactly as expected — I get a 0660 permissions. [root at samba share1]# pwd && ls -l /srv/share1 total 0 -rw-rw---- 1 christian root 0 Dec 19 19:17 file share2, gets 0770 permissions only because there are ACLs applied on the file. [root at samba share2]# pwd && ls -l /srv/share2 total 0 -rwxrwx---+ 1 christian root 0 Dec 19 19:17 file I don’t understand how the execute bit is necessary to map functionality when ACLs are present and not when using traditional Unix permissions — if anything the reverse makes more sense. This bug report appears to identify exactly where in the code the phenomenon arises from: https://bugzilla.samba.org/show_bug.cgi?id=12716 <https://bugzilla.samba.org/show_bug.cgi?id=12716> If this is in fact expected behavior it would be good to document as there seems to be a decent amount of confusing resulting. Christian> On Dec 18, 2018, at 12:28 AM, L.P.H. van Belle via samba <samba at lists.samba.org> wrote: > > These are the latests.. And the Why, Andrew already explain. > Due to the mappings with windows acls. > > If the exec bit is missing, no windows programm will be allowed to start of a share. > If i download an msi file to install and put it on a share, its not allowed to execute it. > Which is exact what i want in my case. > > You might want to read > https://www.snia.org/sites/default/files/SDC/2016/presentations/smb/Jeremy_Allison_SMB3_and_Linux_A_Seamless_File_Sharing_Protocol.pdf > https://sambaxp.org/archive_data/media/05-Andreas-Gruenbacher_-_Linux_Samba_and_ACLs.pdf > > These might help you a bit in understanding that what you want is not always possible.. > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: christian russell [mailto:christian.baltini at gmail.com] >> Verzonden: dinsdag 18 december 2018 9:02 >> Aan: L.P.H. van Belle >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs >> gaining execute bit >> >> Hi Louis, >> >> Those were the docs I initially followed. I don’t see any >> mention in them as to why one would expect unusual (in Unix >> terms) execute permission values. >> >> If anybody could point me towards documentation of the >> expected permission behavior (esp. with POSIX ACLs) of modern >> Samba I would greatly appreciate it. >> >> Christian >> >>> On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba >> <samba at lists.samba.org> wrote: >>> >>> >>> Hai, >>> >>> The docs shown are a bit old, yes, i suggest start reading these. >>> >> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wind >> ows_ACLs >>> >>> >> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs >>> >>> Look at the smb.conf man and search for acl ( or exec ) >>> >>> >>> Greetz, >>> >>> Louis >>> >>> >>>> -----Oorspronkelijk bericht----- >>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >>>> christian russell via samba >>>> Verzonden: dinsdag 18 december 2018 4:59 >>>> Aan: Andrew Bartlett >>>> CC: samba at lists.samba.org >>>> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs >>>> gaining execute bit >>>> >>>> I figured something as much but all the docs I found pointed >>>> to the archive, hidden, and readonly attributes touching the >>>> execute bits (see here, for example: >>>> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2- >>>> CHP-8-FIG-2 >>>> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2 >>>> -CHP-8-FIG-2>). That’s why I disabled those mappings in my >>>> smb.conf. Granted the docs I found were older — is this >>>> handled differently nowadays? >>>> >>>> In any event is there some way to prevent this behavior so I >>>> get sane permissions within the *nix environment? >>>> >>>> Thanks very much for your response. >>>> >>>> Christian >>>> >>>>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett >>>> <abartlet at samba.org> wrote: >>>>> >>>>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via >>>> samba wrote: >>>>>> Hi all, >>>>>> >>>>>> I have a Samba share set up using POSIX ACLs as the >>>> permissions backend. I am seeing an issue where files >>>> created via the Samba get execute permissions whereas files >>>> created via shell do not. >>>>> >>>>> Samba maps the windows execute permission to the posix >> one, which is >>>>> why this happens. >>>>> >>>>> Andrew Bartlett >>>>> >>>>> -- >>>>> Andrew Bartlett >>>>> https://samba.org/~abartlet/ >>>>> Authentication Developer, Samba Team https://samba.org >>>>> Samba Development and Support, Catalyst IT >>>>> https://catalyst.net.nz/services/samba >>>>> >>>>> >>>>> >>>>> >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>> >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >> >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- Samba-created files with POSIX ACLs gaining execute bit
- Samba-created files with POSIX ACLs gaining execute bit
- Samba-created files with POSIX ACLs gaining execute bit
- Samba-created files with POSIX ACLs gaining execute bit
- Samba-created files with POSIX ACLs gaining execute bit