if you have an ACL, where the file has executable permission only granted to the ownser through the "creator owner" (S-1-3-0) security principcal, then this permission is not granted. Example: bjacke@cifstest1:/mnt3/Test$ getcifsacl no-exec REVISION:0x1 CONTROL:0x8004 OWNER:SERNET\bjacke GROUP:SERNET\Domain Users ACL:SERNET\bjacke:ALLOWED/0x0/0x1f01df ACL:SERNET\Domain Users:ALLOWED/0x0/0x1f01df ACL:SERNET\Domain Admins:ALLOWED/0x0/FULL (above here domain users and my user bjacke have all permissions except for execute (0x1f01df)) bjacke@cifstest1:/mnt3/Test$ ./no-exec bash: ./no-exec: Permission denied -> RIGHT Now grant FULL permissions to the owner (which is bjacke): bjacke@cifstest1:/mnt3/Test$ setcifsacl -a 'ACL:\creator owner:ALLOWED/0x0/FULL' no-exec bjacke@cifstest1:/mnt3/Test$ getcifsacl no-exec REVISION:0x1 CONTROL:0x8004 OWNER:SERNET\bjacke GROUP:SERNET\Domain Users ACL:SERNET\bjacke:ALLOWED/0x0/0x1f01df ACL:SERNET\Domain Users:ALLOWED/0x0/0x1f01df ACL:SERNET\Domain Admins:ALLOWED/0x0/FULL ACL:\Creator Owner:ALLOWED/0x0/FULL The file should be executable now by bjacke but it's still not: bjacke@cifstest1:/mnt3/Test$ ./no-exec bash: ./no-exec: Permission denied -> WRONG Is the S-1-3-0 security principal supposed to be evaluated at all or is this not implemented?
(In reply to Björn Jacke from comment #0) I remember fixing something in that are recently (1-2 years timeframe) and off the top of my hat I'd say we implement it and it should work.
(In reply to Ralph Böhme from comment #1) this is a cifs vfs client issue
Steve: ping. Any chance you can look into this?