Web lists-archives.com

Re: [Samba] Samba-created files with POSIX ACLs gaining execute bit




These are the latests.. And the Why, Andrew already explain. 
Due to the mappings with windows acls. 

If the exec bit is missing, no windows programm will be allowed to start of a share. 
If i download an msi file to install and put it on a share, its not allowed to execute it. 
Which is exact what i want in my case. 

You might want to read
https://www.snia.org/sites/default/files/SDC/2016/presentations/smb/Jeremy_Allison_SMB3_and_Linux_A_Seamless_File_Sharing_Protocol.pdf
https://sambaxp.org/archive_data/media/05-Andreas-Gruenbacher_-_Linux_Samba_and_ACLs.pdf 

These might help you a bit in understanding that what you want is not always possible..

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: christian russell [mailto:christian.baltini@xxxxxxxxx] 
> Verzonden: dinsdag 18 december 2018 9:02
> Aan: L.P.H. van Belle
> CC: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs 
> gaining execute bit
> 
> Hi Louis,
> 
> Those were the docs I initially followed.  I don’t see any 
> mention in them as to why one would expect unusual (in Unix 
> terms) execute permission values.
> 
> If anybody could point me towards documentation of the 
> expected permission behavior (esp. with POSIX ACLs) of modern 
> Samba I would greatly appreciate it.
> 
> Christian
> 
> > On Dec 17, 2018, at 11:47 PM, L.P.H. van Belle via samba 
> <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> > 
> > Hai, 
> > 
> > The docs shown are a bit old, yes, i suggest start reading these. 
> > 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wind
> ows_ACLs 
> > 
> > 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs 
> > 
> > Look at the smb.conf man and search for acl ( or exec ) 
> > 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> >> christian russell via samba
> >> Verzonden: dinsdag 18 december 2018 4:59
> >> Aan: Andrew Bartlett
> >> CC: samba@xxxxxxxxxxxxxxx
> >> Onderwerp: Re: [Samba] Samba-created files with POSIX ACLs 
> >> gaining execute bit
> >> 
> >> I figured something as much but all the docs I found pointed 
> >> to the archive, hidden, and readonly attributes touching the 
> >> execute bits (see here, for example: 
> >> https://www.samba.org/samba/docs/using_samba/ch08.html#samba2-
> >> CHP-8-FIG-2 
> >> <https://www.samba.org/samba/docs/using_samba/ch08.html#samba2
> >> -CHP-8-FIG-2>).  That’s why I disabled those mappings in my 
> >> smb.conf.  Granted the docs I found were older — is this 
> >> handled differently nowadays?
> >> 
> >> In any event is there some way to prevent this behavior so I 
> >> get sane permissions within the *nix environment?
> >> 
> >> Thanks very much for your response.
> >> 
> >> Christian
> >> 
> >>> On Dec 17, 2018, at 7:02 PM, Andrew Bartlett 
> >> <abartlet@xxxxxxxxx> wrote:
> >>> 
> >>> On Mon, 2018-12-17 at 18:56 -0800, christian russell via 
> >> samba wrote:
> >>>> Hi all,
> >>>> 
> >>>> I have a Samba share set up using POSIX ACLs as the 
> >> permissions backend.  I am seeing an issue where files 
> >> created via the Samba get execute permissions whereas files 
> >> created via shell do not.  
> >>> 
> >>> Samba maps the windows execute permission to the posix 
> one, which is
> >>> why this happens.
> >>> 
> >>> Andrew Bartlett
> >>> 
> >>> -- 
> >>> Andrew Bartlett
> >>> https://samba.org/~abartlet/
> >>> Authentication Developer, Samba Team         https://samba.org
> >>> Samba Development and Support, Catalyst IT   
> >>> https://catalyst.net.nz/services/samba
> >>> 
> >>> 
> >>> 
> >>> 
> >> 
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >> 
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba