From a2a3c9f36d7a19d75924cff25fa1b450d85ee6d6 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 2 Sep 2013 16:54:15 +0200 Subject: docs: document "acl allow execute always" Signed-off-by: Michael Adam Reviewed-by: Volker Lendecke Reviewed-by: David Disseldorp Autobuild-User(master): Michael Adam Autobuild-Date(master): Wed Sep 11 01:21:00 CEST 2013 on sn-devel-104 --- .../smbdotconf/protocol/aclallowexecutealways.xml | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 docs-xml/smbdotconf/protocol/aclallowexecutealways.xml (limited to 'docs-xml') diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml new file mode 100644 index 0000000000..048c388e07 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml @@ -0,0 +1,26 @@ + + + + This boolean parameter controls the behaviour of smbd + 8 when receiving a protocol request of "open for execution" + from a Windows client. + With Samba 3.6 and older, the execution right in the ACL was not checked, so a client + could execute a file even if it did not have execute rights on the file. In Samba 4.0, + this has been fixed, so that by default, i.e. when this parameter is set to "False", + open for execution is now denied when execution permissions are not present. + + + If this parameter is set to "True", Samba does not check execute permissions on + "open for execution, thus re-establishing the behaviour of Samba 3.6. + This can be useful to smoothen upgrades from older Samba versions to 4.0 and newer. + This setting is not not meant to be used as a permanent setting, but as a temporary relief: + It is recommended to fix the permissions in the ACLs and reset this parameter to the + default after a ceratain transition period. + + +False + -- cgit