SMBFS mount's file cannot be made executable
Takashi Yano
takashi.yano@nifty.ne.jp
Mon Nov 11 10:31:52 GMT 2024
Hi Corinna,
On Fri, 8 Nov 2024 14:11:40 +0100
Corinna Vinschen wrote:
> On Nov 8 20:51, Takashi Yano via Cygwin wrote:
> > Hi all,
> >
> > On Thu, 8 Aug 2019 15:41:55 +0000
> > "Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote:
> > > Hi,
> > >
> > > Here's the situation, I have a netmount "Z:" but I cannot make any files on it executable from Cygwin:
> > >
> > > $ mount
> > > ...
> > > Z: on /cygdrive/z type smbfs (binary,posix=0,user,noumount,auto)
> > > [...]
> > > $ ls -l a.exe
> > > -rw-rw-r--+ 1 lavr cppcore 157753 Aug 8 11:29 a.exe
> > > [...]
> > > $ chmod a+x a.exe
> > > [...]
> > > $ ls -l a.exe
> > > -rw-rw-r--+ 1 lavr cppcore 157753 Aug 8 11:29 a.exe
> > > [...]
> > > Also, any file that I give the "x" permission from outside Cygwin (e.g. from Linux) on the SMBFS drive "Z:",
> > > becomes executable:
> >
> > Does anyone know what was the conclusion of this issue?
> > I have encountered the same issue and cannot find the
> > solution so far.
>
> SMB is really complex, and Samba adds to the complexity.
>
> If the remote drive is a Windows share, check if the server shares the
> folder with "Full Control" for everyone.
>
> If the server is a Samba share, check if `force unknown acl user = yes'
> and for the share itself, check that
>
> read only = No
> vfs objects = acl_xattr
^^^^^^^^^^^^^^^^^^^^^^^
Thanks! This makes things better.
At least x permissions are set to executable compiled by gcc.
However, something is still wrong in my environment....
Others permission seems to be reffered in some cases.
> map acl inherit = Yes
> store dos attributes = Yes
>
> Not sure if that helps, but I don't have any other idea. I'm running
> Samba in an AD environment and "it works for me" :-P
I looked into this probelm and found the NtAccessCheck() fails
for my samba environment.
It seems that next patch solves this.
diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc
index d5e39d281..c519af6e0 100644
--- a/winsup/cygwin/sec/base.cc
+++ b/winsup/cygwin/sec/base.cc
@@ -681,6 +681,9 @@ convert_samba_sd (security_descriptor &sd_ret)
ace->Header.AceFlags))
return;
}
+ /* Samba without AD seems to need this. */
+ add_access_allowed_ace (acl, FILE_ALL_ACCESS,
+ well_known_authenticated_users_sid, acl_len, 0);
acl->AclSize = acl_len;
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
What do you think?
--
Takashi Yano <takashi.yano@nifty.ne.jp>
More information about the Cygwin
mailing list