Frantisek Hanzlik
2013-Oct-13 13:39 UTC
[Samba] execute permissions missing after upgrade to Samba 4
After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 ->
Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows
client can not run executable files due to insufficient permissions.
However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit
for these files, all is fine and windows client can run their.
It seems for me as samba4 (contrary to samba3) now check x bit for
some 'Read-And-Execute' (or how are executables called from windows)
and deny access although client has all other rights (read and write)
to this .exe file.
Data are stored on ext4 volume which is mounted with 'user_xattr acl'
option. My smb.conf look as (some IMO unimportant items omitted from
'testparm -s' output):
[global]
logon script = %m.bat
logon path domain logons = Yes
os level = 63
preferred master = Yes
domain master = Yes
wins support = Yes
idmap config * : backend = tdb
ea support = Yes
map archive = No
map readonly = no
store dos attributes = Yes
[info]
comment = Data info
path = /home/DATA/info
read list = @info
write list = @info
force group = info
create mask = 0770
directory mask = 0771
force create mode = 0660
force directory mode = 02770
-----------------
How is possible solve this issue? Win client self did not set x bit
on executables (e.g. when I from windows client extract ZIP archive
with executables, they have no x-bit set). Should Samba4 itself set
'Read-And-Execute' rights, either by settin x bit or by setting these
rights in extended attributes?
Thank in advance, Franta Hanzlik
Andrew Bartlett
2013-Oct-14 04:46 UTC
[Samba] execute permissions missing after upgrade to Samba 4
On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik wrote:> After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 -> > Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows > client can not run executable files due to insufficient permissions. > However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit > for these files, all is fine and windows client can run their. > It seems for me as samba4 (contrary to samba3) now check x bit for > some 'Read-And-Execute' (or how are executables called from windows) > and deny access although client has all other rights (read and write) > to this .exe file. > Data are stored on ext4 volume which is mounted with 'user_xattr acl' > option. My smb.conf look as (some IMO unimportant items omitted from > 'testparm -s' output): > > [global] > logon script = %m.bat > logon path > domain logons = Yes > os level = 63 > preferred master = Yes > domain master = Yes > wins support = Yes > idmap config * : backend = tdb > ea support = Yes > map archive = No > map readonly = no > store dos attributes = Yes > > [info] > comment = Data info > path = /home/DATA/info > read list = @info > write list = @info > force group = info > create mask = 0770 > directory mask = 0771 > force create mode = 0660 > force directory mode = 02770 > ----------------- > > How is possible solve this issue? Win client self did not set x bit > on executables (e.g. when I from windows client extract ZIP archive > with executables, they have no x-bit set). Should Samba4 itself set > 'Read-And-Execute' rights, either by settin x bit or by setting these > rights in extended attributes?See the new parameter in Samba 4.0.10 'acl allow execute always' Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz