Andrew Bartlett wrote: > On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik wrote: >> After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 -> >> Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows >> client can not run executable files due to insufficient permissions. >> However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit >> for these files, all is fine and windows client can run their. >> It seems for me as samba4 (contrary to samba3) now check x bit for >> some 'Read-And-Execute' (or how are executables called from windows) >> and deny access although client has all other rights (read and write) >> to this .exe file. >> Data are stored on ext4 volume which is mounted with 'user_xattr acl' >> option. My smb.conf look as (some IMO unimportant items omitted from >> 'testparm -s' output): >> >> [global] >> logon script = %m.bat >> logon path = >> domain logons = Yes >> os level = 63 >> preferred master = Yes >> domain master = Yes >> wins support = Yes >> idmap config * : backend = tdb >> ea support = Yes >> map archive = No >> map readonly = no >> store dos attributes = Yes >> >> [info] >> comment = Data info >> path = /home/DATA/info >> read list = @info >> write list = @info >> force group = info >> create mask = 0770 >> directory mask = 0771 >> force create mode = 0660 >> force directory mode = 02770 >> ----------------- >> >> How is possible solve this issue? Win client self did not set x bit >> on executables (e.g. when I from windows client extract ZIP archive >> with executables, they have no x-bit set). Should Samba4 itself set >> 'Read-And-Execute' rights, either by settin x bit or by setting these >> rights in extended attributes? > > See the new parameter in Samba 4.0.10 'acl allow execute always' > > Andrew Bartlett
Andrew, thanks for help. Unfortunately, my distro (Fedora 19) still not has Samba 4.0.10 by that time, and maybe in older, still active, Fedora 18 this version will never be. Please is this problem solvable on Samba4 prior v4.0.10? One solution which invades me is "force create mode = 0770" (no Linux user/program access files on these shares), but from Linux view, x bit on data files looks terribly :) Thanks, Franta Hanzlik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
