Univention Bugzilla – Bug 33785
Files on Samba 4.x shares not executable any longer without explicit "executable" permission
Last modified: 2014-07-10 13:33:56 CEST
Samba 3.6 and earlier allowed open for execution when execute permissions are not present on a file. This has been fixed in Samba 4.0. This change caused an issue e.g. on Ticket#: 2013072221002032.
Starting with Samba 4.0.10 there is a new share option "acl allow execute always", which instructs smbd to skip the execute bit from the ACL check, re-establishing the old behaviour in this case.
Maybe we should make this configurable per share.
This is a quite invasive change to the behaviour between UCS 3.1 and UCS 3.2 that is not even mentioned in changelog/release notes.
Just to make this clear: "Samba 3" setups are affected too!
acl allow execute always = True
I think we should, at least, add a this to the release notes.
Set to 3.2-2-errata otherwise it is out of my scope.
Added samba/acl/allow/execute/always (default yes) to univention-samba to configure samba option "acl allow execute always" (global).
Ok, looks mostly good, for all four tests (s3,s4)x(master,backup,slave,member) it only failed once in the last 26 test runs. That singke failure was an authentication error during the test:
So verified for now.
Oops, wrong bug.. ignore the last comment.
* UCR variable is documented and set to yes on update
* smb.conf template default is yes
* A user logged on to a windows client can execute files without x-bit
* setting the variable to no restores the old behaviour
* Advisory ok