Unable to get execute bit on Samba share working with Windows 7 client

14.04 server windows permissions samba

12,416

In the [global] section of your /etc/samba/smb.conf add the following lines:

[global]

usershare owner only = false
unix extensions = no
follow symlinks = yes
wide links = yes

ntlm auth = no
lanman auth = no
client ntlmv2 auth = yes

Also, check the way the NTFS partitions are mounted in the /etc/fstab file. I had to add default 0 0 to the end of my NTFS mounts, that way it opened up all the permissions for the files to be accessible. I put an example of how my mounts are.

UUID=0A485DBF485DAA69 /media/500GB ntfs default 0 0
UUID=6AAA4323AA42EB61 /media/SGUSB ntfs default 0 0

Hopefully this helps.

EDIT: I totally forgot this one was still open, and I missed something. As it turns out, this is a bug, and can be remedied by the following lines:

Workaround:

-- /etc/samba/local.conf
[global]
  acl allow execute always = True
--

Information can be found in the bug report here.

12,416

Matthew Zaleski

Updated on September 18, 2022

Comments

Matthew Zaleski almost 2 years
I keep most of my files on an Ubuntu 14.04 box in Samba shares and access them from Windows 7 client machines. I had this all working with Ubuntu 11.10 and somehow broke this when moving to 14.04. There is an extra layer of indirection within the server via greyhole (jbod storage pooling via Samba) but it is only a plugin to Samba and does not change permissions.

Problem:
1. An EXE is saved by W7-client to Samba share.
2. Permissions look correct from command-line on server
3. W7-client cannot execute file (I can't post image due to low reputation).
"Windows cannot access \\server\Software\Internet\WinApps\Multimedia\SetupProg.exe. You do not have permissions to access \\server\Software\Internet\WinApps\Multimedia\SetupProg.exe."

Windows sees the following permissions on the EXE:
```
Everyone: Read
root (Unix User\root): Read & Execute, Read, Write, Special
sambashare (Unix Group\sambashare): Read, Write
```
I use a group "sambashare" as a common group for all users accessing via Samba shares. I have sticky bits set as seen here:
```
drwsrwsr-x 31 root     sambashare 12288 Apr 25 20:11 ../
```
So I consistently get owner=root, group=sambashare. No issues there.

Looking from the server side I see:
```
$ ls -l /mnt/lsi11/shares/Software/Internet/WinApps/Multimedia
lrwxrwxrwx  1 root sambashare    69 Apr 25 16:14 SetupProg.exe -> /mnt/lsi4/gh/Software/Internet/WinApps/Multimedia/SetupProg.exe

$ ls -l /mnt/lsi4/gh/Software/Internet/WinApps/Multimedia
-rwxrw-r--  1 root sambashare 11800240 Apr 25 15:23 SetupProg.exe
```
The group execute bit is not being set.

Looking at the smb.conf for the share I have (including items from @Terrance):
```
[Global]
   wide links = yes
   unix extensions = no
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   wins support = yes
   dns proxy = no
   name resolve order = lmhosts host wins bcast
   log file = /var/log/samba/log.%m
   max log size = 5000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = true
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = no
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   printing = bsd
   printcap name = /dev/null
   usershare allow guests = yes

   follow symlinks = yes
   ntlm auth = no
   lanman auth = no
   client ntlmv2 auth = yes
   usershare owner only = no

[Software]
   comment = Software files
   browsable = yes
   path = /mnt/lsi11/shares/Software
   read only = no
   valid users = user1 user2
   guest ok = no
   inherit owner = yes
   inherit permissions = yes
   dfree command = /usr/bin/greyhole-dfree
   vfs objects = greyhole
```
I am able to manually set the execute bit from Linux and fix existing files. Any suggestions where to go poking would be helpful.
- Admin about 9 years
  
  I tried adding "create mask = 0775" to [Global] since I read that Samba defaults to 0755. It didn't change the behavior.
- Admin about 9 years
  
  Just wondering if you are putting two slashes in front of the server name, like \\server\share\somepath\somefile.exe?
- Admin about 9 years
  
  @Terrance Good catch! However that was a formatting issue of askubuntu turning double-backslash into a single displayed backslash. I've corrected the markup.
- Admin about 9 years
  
  Good, just checking. I am going to add some stuff to an answer, and hopefully they work for you.
- Admin about 9 years
  
  I just noticed that only root has executable on the actual file in /mnt/lsi4/gh/Software/Internet/WinApps/Multimedia. Maybe try making the setup prog itself fully executable. sudo chmod 777 /mnt/lsi4/gh/Software/Internet/WinApps/Multimedia/SetupProg.‌exe
- Admin about 9 years
  
  I just thought of something overnight. How are the NTFS partitions being mounted in the /etc/fstab? That's where I had my problem. I had to mount my NTFS partitions as default 0 0 mounts, then I could access the executables fine.
Terrance about 9 years

@Matthew Zaleski I noticed that there are some repeat lines, just ignore those ones. This was a copy and paste from my smb.conf.
Matthew Zaleski about 9 years

I've added the new options to my file and no change in result. I've edited my post to include ALL of my Global options as I should have in the first place. Entries that are new from you are separated by a blank line in the question.
Terrance about 9 years

@MatthewZaleski How did you install Samba? Through the apt-get install samba command? The reason why I am asking, is that I set mine up through just right-clicking a folder in Nautilus, then chose Sharing option, and it prompted me to install Samba. I have not had any issues with launching Windows executables through the share. Let me dig deeper and see if I can find the answer for that.
Matthew Zaleski about 9 years

This is a 14.04 LTS Server install with no GUI. I'm pretty sure that Samba was one of the options in the "text installer". I did a manual merge of the 14.04 smb.conf with the settings that worked in my 11.10 smb.conf. I switched to 14.04 last August. I didn't notice the problem immediately but definitely was broken by November; It could have been broken from August. Earlier today I did pick up latest versions all installed packages, including kernel and Samba. Nearly all packages are installed via apt-get or aptitude.
Terrance about 9 years

@MatthewZaleski OK, that makes sense then. No problems. We'll get to the bottom of this.
Terrance about 9 years

@MatthewZaleski What I just edited on my answer is how I have all my NTFS partitions mounted. The UUID= came from the command sudo blkid. Then it is the folder that they are being mounted to. Then mount file system type. Then the mount properties.
Matthew Zaleski about 9 years

These are all ext4 filesystems UUID=438958d0-f2b8-4d25-bc7b-a3d10de15068 /mnt/lsi11 ext4 defaults 0 2
Terrance about 9 years

@MatthewZaleski I am so sorry, I missed your comment here. I found some more information, and updated my answer for you, if you haven't already fixed this.
Matthew Zaleski over 8 years

I missed the notification of your answer. Your final suggestion did indeed correct the situation. Thanks!