Univention Bugzilla – Bug 33785
Files on Samba 4.x shares not executable any longer without explicit "executable" permission
Last modified: 2014-07-10 13:33:56 CEST
Samba 3.6 and earlier allowed open for execution when execute permissions are not present on a file. This has been fixed in Samba 4.0. This change caused an issue e.g. on Ticket#: 2013072221002032. Starting with Samba 4.0.10 there is a new share option "acl allow execute always", which instructs smbd to skip the execute bit from the ACL check, re-establishing the old behaviour in this case. Maybe we should make this configurable per share.
2014050921003881 This is a quite invasive change to the behaviour between UCS 3.1 and UCS 3.2 that is not even mentioned in changelog/release notes. Just to make this clear: "Samba 3" setups are affected too! Workaround: -- /etc/samba/local.conf [global] acl allow execute always = True -- I think we should, at least, add a this to the release notes.
Set to 3.2-2-errata otherwise it is out of my scope.
Added samba/acl/allow/execute/always (default yes) to univention-samba to configure samba option "acl allow execute always" (global). YAML: 2014-06-17-univention-samba.yaml
Ok, looks mostly good, for all four tests (s3,s4)x(master,backup,slave,member) it only failed once in the last 26 test runs. That singke failure was an authentication error during the test: http://jenkins.knut.univention.de:8080/job/UCS%203.2-2%20Autotest%20MultiEnv/SambaVersion=s4,Systemrolle=slave/33/testReport/junit/10_ldap/74schema_update/test/ So verified for now.
Oops, wrong bug.. ignore the last comment.
Verified: * UCR variable is documented and set to yes on update * smb.conf template default is yes * A user logged on to a windows client can execute files without x-bit * setting the variable to no restores the old behaviour * Advisory ok
http://errata.univention.de/ucs/3.2/140.html