Bug 35137 - Files on Samba 4.x shares not executable any longer without explicit "executable" permission
Files on Samba 4.x shares not executable any longer without explicit "executa...
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-2-errata
Assigned To: Felix Botner
Arvid Requate
Depends on: 33785
  Show dependency treegraph
Reported: 2014-06-17 13:19 CEST by Felix Botner
Modified: 2014-07-10 13:35 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2014-06-17 13:19:24 CEST
+++ This bug was initially created as a clone of Bug #33785 +++

Samba 3.6 and earlier allowed open for execution when execute permissions are not present on a file. This has been fixed in Samba 4.0. This change caused an issue e.g. on Ticket#: 2013072221002032.

Starting with Samba 4.0.10 there is a new share option "acl allow execute always", which instructs smbd to skip the execute bit from the ACL check, re-establishing the old behaviour in this case.

Maybe we should make this configurable per share.
Comment 1 Felix Botner univentionstaff 2014-06-17 13:21:50 CEST
Added samba/acl/allow/execute/always (default yes) to univention-samba4 to configure samba option "acl allow execute always" (global).

YAML: 2014-06-17-univention-samba4.yaml
Comment 2 Arvid Requate univentionstaff 2014-07-02 13:51:39 CEST
 * UCR variable is documented and set on update
 * smb.conf template default is yes
 * A user logged on to a windows client can execute files without x-bit
 * setting the variable to no restores the old behaviour
 * Advisory ok
Comment 3 Janek Walkenhorst univentionstaff 2014-07-10 13:35:21 CEST