SMBFS mount's file cannot be made executable

Takashi Yano takashi.yano@nifty.ne.jp
Mon Nov 11 10:31:52 GMT 2024


Hi Corinna,

On Fri, 8 Nov 2024 14:11:40 +0100
Corinna Vinschen wrote:
> On Nov  8 20:51, Takashi Yano via Cygwin wrote:
> > Hi all,
> > 
> > On Thu, 8 Aug 2019 15:41:55 +0000
> > "Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote:
> > > Hi,
> > > 
> > > Here's the situation, I have a netmount "Z:" but I cannot make any files on it executable from Cygwin:
> > > 
> > > $ mount
> > > ...
> > > Z: on /cygdrive/z type smbfs (binary,posix=0,user,noumount,auto)
> > > [...]
> > > $ ls -l a.exe
> > > -rw-rw-r--+ 1 lavr cppcore 157753 Aug  8 11:29 a.exe
> > > [...]
> > > $ chmod a+x a.exe
> > > [...]
> > > $ ls -l a.exe
> > > -rw-rw-r--+ 1 lavr cppcore 157753 Aug  8 11:29 a.exe
> > > [...]
> > > Also, any file that I give the "x" permission from outside Cygwin (e.g. from Linux) on the SMBFS drive "Z:",
> > > becomes executable:
> > 
> > Does anyone know what was the conclusion of this issue?
> > I have encountered the same issue and cannot find the
> > solution so far.
> 
> SMB is really complex, and Samba adds to the complexity.
> 
> If the remote drive is a Windows share, check if the server shares the
> folder with "Full Control" for everyone.
> 
> If the server is a Samba share, check if `force unknown acl user = yes'
> and for the share itself, check that
> 
>   read only = No
>   vfs objects = acl_xattr
    ^^^^^^^^^^^^^^^^^^^^^^^
Thanks! This makes things better.
At least x permissions are set to executable compiled by gcc.

However, something is still wrong in my environment....
Others permission seems to be reffered in some cases.

>   map acl inherit = Yes
>   store dos attributes = Yes
> 
> Not sure if that helps, but I don't have any other idea.  I'm running
> Samba in an AD environment and "it works for me" :-P

I looked into this probelm and found the NtAccessCheck() fails
for my samba environment.

It seems that next patch solves this.

diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc
index d5e39d281..c519af6e0 100644
--- a/winsup/cygwin/sec/base.cc
+++ b/winsup/cygwin/sec/base.cc
@@ -681,6 +681,9 @@ convert_samba_sd (security_descriptor &sd_ret)
 				     ace->Header.AceFlags))
 	  return;
       }
+  /* Samba without AD seems to need this. */
+  add_access_allowed_ace (acl, FILE_ALL_ACCESS,
+			  well_known_authenticated_users_sid, acl_len, 0);
   acl->AclSize = acl_len;
 
   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);

What do you think?

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>


More information about the Cygwin mailing list