SMBFS mount's file cannot be made executable

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Nov 11 13:18:07 GMT 2024


On Nov 11 22:00, Takashi Yano via Cygwin wrote:
> On Mon, 11 Nov 2024 12:59:41 +0100
> Corinna Vinschen wrote:
> > On Nov 11 20:19, Takashi Yano via Cygwin wrote:
> > > On Mon, 11 Nov 2024 11:56:13 +0100
> > > Corinna Vinschen wrote:
> > > 
> > > > On Nov 11 19:31, Takashi Yano via Cygwin wrote:
> > > > > On Fri, 8 Nov 2024 14:11:40 +0100
> > > > > Corinna Vinschen wrote:
> > > > > > If the server is a Samba share, check if `force unknown acl user = yes'
> > > > > > and for the share itself, check that
> > > > > > 
> > > > > >   read only = No
> > > > > >   vfs objects = acl_xattr
> > > > >     ^^^^^^^^^^^^^^^^^^^^^^^
> > > > > Thanks! This makes things better.
> > > > > At least x permissions are set to executable compiled by gcc.
> > > > > 
> > > > > However, something is still wrong in my environment....
> > > > > Others permission seems to be reffered in some cases.
> > > > 
> > > > I don't understand.  Please run icacls for a just created file on your
> > > > Samba share (without the below patch) as well as Windows' `whoami /all'.
> > > 
> > > $ touch samba_test_file.txt
> > > $ icacls samba_test_file.txt
> > > samba_test_file.txt S-1-5-21-479325430-3041864944-504445739-1000:(R,W,D,WDAC,WO)
> > >                     S-1-5-21-479325430-3041864944-504445739-513:(R)
> > >                     Everyone:(R)
> > > 
> > > This seems reasonable to me.
> > > 
> > > For Windows 11 share, the result is
> > > samba_test_file.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)
> > >                     S-1-5-21-2089672436-4097686843-2104605006-1001:(R,W,D,WDAC,WO)
> > 
> >   On Samba S-1-5-21-479325430-3041864944-504445739-1000
> >   On Windows S-1-5-21-2089672436-4097686843-2104605006-1001
> > 
> > Isn't the user mapping off?
> > 
> > It's also not clear where your Windows ACL comes from.  When I check the
> > permissions on typical Windows folders, Authenticated Users doesn't even
> > show up.
> 
> On my machine,
> 
> C:\Users\yano>mkdir \test_folder
> 
> C:\Users\yano>icacls \test_folder
> \test_folder BUILTIN\Administrators:(I)(OI)(CI)(F)
>              NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
>              BUILTIN\Users:(I)(OI)(CI)(RX)
>              NT AUTHORITY\Authenticated Users:(I)(M)
>              NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Those are inherited from the parent folder, i. e., C:\.

$ icacls C:\\
c:\ S-1-15-3-65536-1888954469-739942743-1668119174-2468466756-4239452838-1296943325-355587736-700089176:(S,RD,X,RA)
    BUILTIN\Administrators:(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\Authenticated Users:(AD)
    Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)

Funny enough, the C:\ default ACL on servers doesn't contain entries for
Authenticated Users.  The group Users is tasking its place.


Corinna


More information about the Cygwin mailing list