I'm looking for some assistance regarding file permissions and the inability to stop the execution of a file even though the execute permission has not been set.
Scenario I create a share. I copy the notepad.exe from a windows client onto the share. >From Linux console: chown <user> notepad.exe chmod 600 notepad.exe >From Windows client: I map a drive to the share and I am still able to run the notepad.exe file from the share, even though executable permissions aren't set... I can remove the executable flag via the Windows GUI and the same occurs. I've tried other executable files and the same occurs. If I chmod 222 to remove any read rights, then I get the access denied that I would expect. As far as user permissions are going, I've tried a number of options. Originally I had a samba server as a member of a Windows NT Domain, using Winbind to map user IDs. This also had ACL support with the 2.4.17acl kernel and permissions were being set fine on multiple users from the NT domain. I've stripped elements out until I now have just a samba server which is not part of a domain and my windows user is in the smbpasswd file with matching user Id and password. At all stages this problem occurs. I need to know if I'm doing something very dumb here but the ability to stop users running executables from a network share is critical. Clients are Windows 2000 / NT4 Samba versions that I've tried are 2.2.8 and 2.0.0.15 (RPM from SuSE installation CD). Linux distros that I've tried are SuSE 7.2 and Redhat 7.2 Does anyone have any light they could throw onto why this is happening? I've seen a few threads regarding this in the samba general but no replies so forgive if off topic slightly but could really do with some hints.. Relevant bits from my smb.conf are below. [global] workgroup = DOMAIN2 guest account = nobody keep alive = 30 os level = 2 kernel oplocks = false security = domain encrypt passwords = yes socket options = TCP_NODELAY map to guest = Bad User wins server = 192.168.1.80 netbios name = samba1 winbind uid = 1000-2000 winbind gid = 1000-2000 winbind cache time = 10 winbind separator = + password server = * log file = /var/log/samba log level = 1 [share3] path = /share3 comment = shared area read only = no browseable = yes
