Bug#783252: Document samba changes in regard to serving executable files to Windows clients

Fri, 24 Apr 2015 10:12:47 -0700 

Control: tags -1 pending

On 2015-04-24 18:22, Mario Lipinski wrote:
> Package: release-notes
> 
> Hi,
> 
> Jessie will release with Samba 4 containing lots of changes. While the
> default configuration will be mostly backwards compatible I belief the
> following change noteworthy in the release notes: Windows may ask to
> "open a file for execution". While with Samba 3 this was implied by the
> user being allowed to read the file, Samba 4 evaluates the unix
> executable bit and rejects such "open a file for execution" requests if
> the executable bit is not set. This will e.g. lead to netlogon scripts
> to be silently ignored by Windows clients if no executable bit is set
> and also execution of other executables and scripts is rejected if the
> unix executable bit is not set on the files.
> 
> Since this caused quite some hard time for me to figure out I would
> consider it noteworthy in the release notes.
> 
> Mario
> 

Thanks for reporting this issue!

I have applied the following patch to the SVN.  I hope you will spare a
moment to review the text and possibly suggest improvements.

Thanks,
~Niels



>From 9c40e4de324611243b6ac4d5a912b0d1823cf737 Mon Sep 17 00:00:00 2001
From: nthykier <nthykier@313b444b-1b9f-4f58-a734-7bb04f332e8d>
Date: Fri, 24 Apr 2015 17:07:59 +0000
Subject: [PATCH] issues: Document Samba4 exec-bit requirement (#783252)

Signed-off-by: Niels Thykier <ni...@thykier.net>

git-svn-id: svn+ssh://svn.debian.org/svn/ddp/manuals/trunk/release-notes@10838 313b444b-1b9f-4f58-a734-7bb04f332e8d
---
 en/issues.dbk | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/en/issues.dbk b/en/issues.dbk
index f14314c..a383b7a 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -965,4 +965,14 @@ echo 'base-passwd base-passwd/system/<replaceable>username</replaceable>/shell/<
     </para>
   </section>
 </section>
+<section>
+  <title>Samba4 requires exec-bit to permit files to be open for execution</title>
+  <para>
+    If a client requests for a file to be "opened for execution", then
+    Samba4 will require that the file have the "exec-bit" set on the
+    file in addition to the regular read permissions.  This also
+    causes "netlogon" scripts to be silently ignored if they lack this
+    exec-bit.
+  </para>
+</section>
 </chapter>
-- 
2.1.4

Reply via email to