cygwin 1.7.13-1: can't execute shell scripts on samba share

cygwin 1.7.13-1: can't execute shell scripts on samba share

[Len Giambrone]

I'm can't execute shell scripts on a samba share served by our linux boxes.

lgiambro@lorien //kitserver/kits
$ ls -la len.sh
-rwx------ 1 lgiambro releng 24 Apr 18 10:48 len.sh

lgiambro@lorien //kitserver/kits
$ cat len.sh
#!/bin/sh
echo it works

lgiambro@lorien //kitserver/kits
$ ./len.sh
-bash: ./len.sh: Permission denied

I can execute a .bat file from a cmd window just fine, so this makes me think this might be a Cygwin issue.
(If it's not an equivalent or good test, please let me know a better one).

getfacl says:

lgiambro@lorien //kitserver/kits
$ getfacl len.sh
# file: len.sh
# owner: lgiambro
# group: releng
user::rwx
group::---
mask:rwx
other:---

cacls says its executable:

lgiambro@lorien //kitserver/kits
$ cacls len.sh
\\kitserver\kits\len.sh <Account Domain not found>(special access:)
                                                  READ_CONTROL
                                                  WRITE_DAC
                                                  WRITE_OWNER
                                                  SYNCHRONIZE
                                                  FILE_GENERIC_READ
                                                  FILE_GENERIC_WRITE
                                                  FILE_GENERIC_EXECUTE
                                                  FILE_READ_DATA
                                                  FILE_WRITE_DATA
                                                  FILE_APPEND_DATA
                                                  FILE_READ_EA
                                                  FILE_WRITE_EA
                                                  FILE_EXECUTE
                                                  FILE_DELETE_CHILD
                                                  FILE_READ_ATTRIBUTES
                                                  FILE_WRITE_ATTRIBUTES

                        <Account Domain not found>(special access:)

                        Everyone:(special access:)

What else can/should I look for?  Any help would be appreciated.

-Len





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Earnie Boyd]

On Wed, Apr 18, 2012 at 11:44 AM, Len Giambrone
<Len.Giambrone@intersystems.com> wrote:
> I'm can't execute shell scripts on a samba share served by our linux boxes.
>
> lgiambro@lorien //kitserver/kits
> $ ls -la len.sh
> -rwx------ 1 lgiambro releng 24 Apr 18 10:48 len.sh
>
> lgiambro@lorien //kitserver/kits
> $ cat len.sh
> #!/bin/sh
> echo it works
>
> lgiambro@lorien //kitserver/kits
> $ ./len.sh
> -bash: ./len.sh: Permission denied

I suppose the same happens if you execute len.sh similar to the following?

$ bash -x ./len.sh

-- 
Earnie
-- https://sites.google.com/site/earnieboyd

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Len Giambrone]

No.  That works.  presumably because it's executing "bash" and not
the script itself.

-Len




On Apr 18, 2012, at 1:49 PM, Earnie Boyd wrote:

> On Wed, Apr 18, 2012 at 11:44 AM, Len Giambrone
> <Len.Giambrone@intersystems.com> wrote:
>> I'm can't execute shell scripts on a samba share served by our linux boxes.
>> 
>> lgiambro@lorien //kitserver/kits
>> $ ls -la len.sh
>> -rwx------ 1 lgiambro releng 24 Apr 18 10:48 len.sh
>> 
>> lgiambro@lorien //kitserver/kits
>> $ cat len.sh
>> #!/bin/sh
>> echo it works
>> 
>> lgiambro@lorien //kitserver/kits
>> $ ./len.sh
>> -bash: ./len.sh: Permission denied
> 
> I suppose the same happens if you execute len.sh similar to the following?
> 
> $ bash -x ./len.sh
> 
> -- 
> Earnie
> -- https://sites.google.com/site/earnieboyd
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

2 suggestions:

1. What happens if len.sh is in your Cygwin home, that is on the local
drive?

2. What happens with "sh -x ./len.sh" (on the network drive)?

HaND,

-----Original Message-----

No.  That works.  presumably because it's executing "bash" and not the
script itself.

-Len




On Apr 18, 2012, at 1:49 PM, Earnie Boyd wrote:

> On Wed, Apr 18, 2012 at 11:44 AM, Len Giambrone 
> <Len.Giambrone@intersystems.com> wrote:
>> I'm can't execute shell scripts on a samba share served by our linux
boxes.
>> 
>> lgiambro@lorien //kitserver/kits
>> $ ls -la len.sh
>> -rwx------ 1 lgiambro releng 24 Apr 18 10:48 len.sh
>> 
>> lgiambro@lorien //kitserver/kits
>> $ cat len.sh
>> #!/bin/sh
>> echo it works
>> 
>> lgiambro@lorien //kitserver/kits
>> $ ./len.sh
>> -bash: ./len.sh: Permission denied
> 
> I suppose the same happens if you execute len.sh similar to the
following?
> 
> $ bash -x ./len.sh
> 

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Earnie Boyd]

On Wed, Apr 18, 2012 at 3:44 PM, Len Giambrone
<Len.Giambrone@intersystems.com> wrote:
> No.  That works.  presumably because it's executing "bash" and not
> the script itself.

http://cygwin.com/acronyms/#TOFU

And does the script contain #! /bin/sh or the like on line 1 column 1?

-- 
Earnie
-- https://sites.google.com/site/earnieboyd

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Len Giambrone]

-Len




On Apr 19, 2012, at 4:29 AM, Michel Bardiaux wrote:

> 2 suggestions:
> 
> 1. What happens if len.sh is in your Cygwin home, that is on the local
> drive?

lgiambro@lorien ~
$ ./len.sh
it works

> 
> 2. What happens with "sh -x ./len.sh" (on the network drive)?
> 

lgiambro@lorien //kitserver/kits
$ sh -x ./len.sh
+ echo it works
it works


> HaND,
> 
> -----Original Message-----
> 
> No.  That works.  presumably because it's executing "bash" and not the
> script itself.
> 
> -Len
> 
> 
> 
> 
> On Apr 18, 2012, at 1:49 PM, Earnie Boyd wrote:
> 
>> On Wed, Apr 18, 2012 at 11:44 AM, Len Giambrone 
>> <Len.Giambrone@intersystems.com> wrote:
>>> I'm can't execute shell scripts on a samba share served by our linux
> boxes.
>>> 
>>> lgiambro@lorien //kitserver/kits
>>> $ ls -la len.sh
>>> -rwx------ 1 lgiambro releng 24 Apr 18 10:48 len.sh
>>> 
>>> lgiambro@lorien //kitserver/kits
>>> $ cat len.sh
>>> #!/bin/sh
>>> echo it works
>>> 
>>> lgiambro@lorien //kitserver/kits
>>> $ ./len.sh
>>> -bash: ./len.sh: Permission denied
>> 
>> I suppose the same happens if you execute len.sh similar to the
> following?
>> 
>> $ bash -x ./len.sh
>> 
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Len Giambrone]

-Len




On Apr 19, 2012, at 7:37 AM, Earnie Boyd wrote:

> On Wed, Apr 18, 2012 at 3:44 PM, Len Giambrone
> <Len.Giambrone@intersystems.com> wrote:
>> No.  That works.  presumably because it's executing "bash" and not
>> the script itself.
> 
> http://cygwin.com/acronyms/#TOFU
> 
> And does the script contain #! /bin/sh or the like on line 1 column 1?
> 

lgiambro@lorien ~
$ cat len.sh
#!/bin/sh
echo it works



> -- 
> Earnie
> -- https://sites.google.com/site/earnieboyd
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

[snip]

> lgiambro@lorien ~
> $ cat len.sh
> #!/bin/sh
> echo it works

And man sh states " --norc Do  not  read  and  execute the personal
initialization file ~/.bashrc if the
              shell is interactive.  This option is on by default if the
shell  is  invoked
              as sh."
Which eliminates bashrc as a possible culprit.

I have also tried the same as you did (len.sh on a samba share) and saw
the same problem. Then I saw that the len.sh got a (cygwin *and* linux)
mode of -rwxrw-r-- *without* doing any chmod. Then I saw that *every*
file I create on the samba share, gets the same mode!

First things first, is there a workaround? Yes, chmod 777 len.sh *done
on linux* works. And it actually works too when done on cygwin.

However, recreating len.sh on cygwin, then a chmod 700 len.sh again on
cygwin, does not work, again "./len.sh: Permission denied". But the mode
seen on the linux side is -rwx------.

I have also tried deleting then recreating the file in cygwin, then
closing all cygwin processes and unmapping and remapping the samba
drive. No cigar.

Then I tried cacls in various situations. It turns out that with mode
777, cacls reveals "Everyone:F", but with mode 700 we get:

len.sh <Account Domain not found>F
              <Account Domain not found>(special access:)
              Everyone:(special access:)

And getfacl says:

# file: len.sh
# owner: ????????
# group: ????????
user::rwx
group::---
mask:rwx
other:---

Now I would say cygwin behaves as expected in my case: owner has execute
permission, but who is the owner? Unfortunately this can only be *part*
of the explanation, since for the OP it is

# file: len.sh
# owner: lgiambro
# group: releng
user::rwx
group::---
mask:rwx
other:---

(see thread head for the cacls). His samba setup is obviously better
than mine. But now I cant be sure my workaround (mode 777) will work in
his case.

Hope these can help.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Earnie Boyd]

On Mon, Apr 23, 2012 at 7:02 AM, Michel Bardiaux <MBardiaux@mediaxim.be> wrote:
> [snip]
>
>> lgiambro@lorien ~
>> $ cat len.sh
>> #!/bin/sh
>> echo it works
>
> And man sh states " --norc Do  not  read  and  execute the personal
> initialization file ~/.bashrc if the
>              shell is interactive.  This option is on by default if the
> shell  is  invoked
>              as sh."
> Which eliminates bashrc as a possible culprit.

bash as sh will use ~/.profile in interactive and -login mode.  My
guess is the remote disk handler is causing Cygwin to not see the file
as executable.

-- 
Earnie
-- https://sites.google.com/site/earnieboyd

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Corinna Vinschen]

On Apr 23 13:02, Michel Bardiaux wrote:
> [snip]
> 
> > lgiambro@lorien ~
> > $ cat len.sh
> > #!/bin/sh
> > echo it works
> 
> And man sh states " --norc Do  not  read  and  execute the personal
> initialization file ~/.bashrc if the
>               shell is interactive.  This option is on by default if the
> shell  is  invoked
>               as sh."
> Which eliminates bashrc as a possible culprit.
> 
> I have also tried the same as you did (len.sh on a samba share) and saw
> the same problem. Then I saw that the len.sh got a (cygwin *and* linux)
> mode of -rwxrw-r-- *without* doing any chmod. Then I saw that *every*
> file I create on the samba share, gets the same mode!
> 
> First things first, is there a workaround? Yes, chmod 777 len.sh *done
> on linux* works. And it actually works too when done on cygwin.
> 
> However, recreating len.sh on cygwin, then a chmod 700 len.sh again on
> cygwin, does not work, again "./len.sh: Permission denied". But the mode
> seen on the linux side is -rwx------.
> 
> I have also tried deleting then recreating the file in cygwin, then
> closing all cygwin processes and unmapping and remapping the samba
> drive. No cigar.
> 
> Then I tried cacls in various situations. It turns out that with mode
> 777, cacls reveals "Everyone:F", but with mode 700 we get:
> 
> len.sh <Account Domain not found>F
>               <Account Domain not found>(special access:)
>               Everyone:(special access:)
> 
> And getfacl says:
> 
> # file: len.sh
> # owner: ????????
> # group: ????????

You could mount the samba share with "noacl", see
http://cygwin.com/cygwin-ug-net/using.html#mount-table


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

[snip]

> You could mount the samba share with "noacl",
> see http://cygwin.com/cygwin-ug-net/using.html#mount-table
> Corinna

Thanks for the suggestion. I have added this to /etc/fstab:

Y: /cygdrive/y smbfs binary,noacl,auto 0 0

Closed all cygwin windows, reopened one (mintty), mount says:

C:/cygwin/bin on /usr/bin type ntfs (binary,auto)
C:/cygwin/lib on /usr/lib type ntfs (binary,auto)
C:/cygwin on / type ntfs (binary,auto)
Y: on /cygdrive/y type smbfs (binary,noacl)
C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
Z: on /cygdrive/z type smbfs (binary,posix=0,user,noumount,auto)

created (again...) len.sh on the samba drive, and again:

$ getfacl len.sh
# file: len.sh
# owner: ????????
# group: ????????
user::rwx
group::rw-
mask:rwx
other:r--

Curiouser and curiouser: the file begins with #!, hence with noacl it should be executable by anyone, right? But I still have permission denied, unless I chmod 777.

BTW: I am now playing around with execute mode and samba drives to help solve the OP's problem, maybe find a bug. I actually use cygwin with ssh, scp, svn, etc. so that I do *not* have to cope with the idiosyncrasies of multiple security layers: windows + samba + linux. So, adding a 4th one is akin to masochism!

Greetings,
(s) M. Bardiaux

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Corinna Vinschen]

On Apr 23 13:53, Corinna Vinschen wrote:
> On Apr 23 13:02, Michel Bardiaux wrote:
> > [snip]
> > 
> > > lgiambro@lorien ~
> > > $ cat len.sh
> > > #!/bin/sh
> > > echo it works
> > 
> > And man sh states " --norc Do  not  read  and  execute the personal
> > initialization file ~/.bashrc if the
> >               shell is interactive.  This option is on by default if the
> > shell  is  invoked
> >               as sh."
> > Which eliminates bashrc as a possible culprit.
> > 
> > I have also tried the same as you did (len.sh on a samba share) and saw
> > the same problem. Then I saw that the len.sh got a (cygwin *and* linux)
> > mode of -rwxrw-r-- *without* doing any chmod. Then I saw that *every*
> > file I create on the samba share, gets the same mode!
> > 
> > First things first, is there a workaround? Yes, chmod 777 len.sh *done
> > on linux* works. And it actually works too when done on cygwin.
> > 
> > However, recreating len.sh on cygwin, then a chmod 700 len.sh again on
> > cygwin, does not work, again "./len.sh: Permission denied". But the mode
> > seen on the linux side is -rwx------.
> > 
> > I have also tried deleting then recreating the file in cygwin, then
> > closing all cygwin processes and unmapping and remapping the samba
> > drive. No cigar.
> > 
> > Then I tried cacls in various situations. It turns out that with mode
> > 777, cacls reveals "Everyone:F", but with mode 700 we get:
> > 
> > len.sh <Account Domain not found>F
> >               <Account Domain not found>(special access:)
> >               Everyone:(special access:)
> > 
> > And getfacl says:
> > 
> > # file: len.sh
> > # owner: ????????
> > # group: ????????

Just to clarify:  The unknown owner and group accounts in the getfacl
output above are almost certainly the fake SIDs created by Samba to
generate an unambiguous Unix UID/GID to Windows SID mapping.  This
occurs if you don't use winbind on the Samba side to generate a real
UID/GID to SID mapping.

The fake SIDs created by Samba are of the form

  S-1-22-1-UID
  S-1-22-2-GID

You can add them to your /etc/passwd and /etc/group files by using the
`mkpasswd/mkgroup -U option, see
http://cygwin.com/cygwin-ug-net/using-utils.html#mkpasswd and
http://cygwin.com/cygwin-ug-net/using-utils.html#mkgroup

For instance:

  $ mkpasswd -o 20000 -U root,corinna -L my_samba_server
  Unix User\root:unused:20000:99999:,S-1-22-1-0::
  Unix User\corinna:unused:20500:99999:,S-1-22-1-500::
  $ mkgroup -o 20000 -U root,vinschen -L calimero
  Unix Group\root:S-1-22-2-0:20000:
  Unix Group\vinschen:S-1-22-2-11125:31125:

This gives a useful output in ls, getfacl or stat.

> You could mount the samba share with "noacl", see
> http://cygwin.com/cygwin-ug-net/using.html#mount-table


Corinna

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Corinna Vinschen]

On Apr 23 14:26, Michel Bardiaux wrote:
> [snip]
> 
> > You could mount the samba share with "noacl",
> > see http://cygwin.com/cygwin-ug-net/using.html#mount-table
> > Corinna
> 
> Thanks for the suggestion. I have added this to /etc/fstab:
> 
> Y: /cygdrive/y smbfs binary,noacl,auto 0 0

That won't work.  Don't try to overload the cygdrive prefix for
single drives, that's not supported.  Use something like

  Y: /my_y_drive whatever binary,noacl 0 0


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

[snip]

>> Y: /cygdrive/y smbfs binary,noacl,auto 0 0

> That won't work.  Don't try to overload the cygdrive prefix for single drives, that's not supported. 
Ooops. How do I restore the normal default? It no longer appears in 'mount'.

> Use something like
>  Y: /my_y_drive whatever binary,noacl 0 0

Yep, that worked.

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Andrey Repin]

Greetings, Michel Bardiaux!

> I have also tried the same as you did (len.sh on a samba share) and saw
> the same problem. Then I saw that the len.sh got a (cygwin *and* linux)
> mode of -rwxrw-r-- *without* doing any chmod. Then I saw that *every*
> file I create on the samba share, gets the same mode!

testparm -s
please.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 24.04.2012, <14:45>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

[-- Attachment #1: Type: text/plain, Size: 732 bytes --]

> Greetings, Michel Bardiaux!
>
>> I have also tried the same as you did (len.sh on a samba share) and 
>> saw the same problem. Then I saw that the len.sh got a (cygwin *and* 
>> linux) mode of -rwxrw-r-- *without* doing any chmod. Then I saw that 
>> *every* file I create on the samba share, gets the same mode!
>
> testparm -s
> please.

Yes, this explains a lot - but not completely. The relevant lines being
the create masks:

0744 for global, 0755 for homes (the relevant share in my case), 0022 as
cygwin umask.

I would expect files created on the cygwin side to have 0755 on the
linux side (or possibly masked by global and/or umask). I do not see how
I end up with 0764.

Greetings,
(s) M. Bardiaux

[-- Attachment #2: testparm.txt --]
[-- Type: text/plain, Size: 7990 bytes --]

Load smb config files from /etc/samba/smb.conf
Processing section "[home]"
Processing section "[homes]"
Processing section "[www]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
	dos charset = CP850
	unix charset = UTF-8
	display charset = LOCALE
	workgroup = MDB
	realm = 
	netbios name = BESDEV01
	netbios aliases = 
	netbios scope = 
	server string = Samba 3.0.24
	interfaces = 
	bind interfaces only = No
	security = DOMAIN
	auth methods = 
	encrypt passwords = Yes
	update encrypted = No
	client schannel = Auto
	server schannel = Auto
	allow trusted domains = Yes
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = besprd01
	smb passwd file = /etc/samba/smbpasswd
	private dir = /etc/samba
	passdb backend = smbpasswd
	algorithmic rid base = 1000
	root directory = 
	guest account = pkdev
	enable privileges = Yes
	pam password change = No
	passwd program = 
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	check password script = 
	username map = 
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = 0
	lanman auth = Yes
	ntlm auth = Yes
	client NTLMv2 auth = No
	client lanman auth = Yes
	client plaintext auth = Yes
	preload modules = 
	use kerberos keytab = No
	log level = 0
	syslog = 0
	syslog only = No
	log file = /var/log/samba/log.%m
	max log size = 1000
	debug timestamp = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	enable core files = Yes
	smb ports = 445 139
	large readwrite = Yes
	max protocol = NT1
	min protocol = CORE
	read bmpx = No
	read raw = Yes
	write raw = Yes
	disable netbios = No
	reset on zero vc = No
	acl compatibility = auto
	defer sharing violations = Yes
	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	max mux = 50
	max xmit = 16644
	name resolve order = lmhosts host wins bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	unix extensions = Yes
	use spnego = Yes
	client signing = auto
	server signing = No
	client use spnego = Yes
	enable asu support = No
	svcctl list = 
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	kernel change notify = Yes
	fam change notify = Yes
	lpq cache time = 30
	max smbd processes = 0
	paranoid server security = Yes
	max disk size = 0
	max open files = 10000
	open files database hash size = 10007
	socket options = TCP_NODELAY
	use mmap = Yes
	hostname lookups = No
	name cache timeout = 660
	load printers = Yes
	printcap cache time = 750
	printcap name = 
	cups server = 
	iprint server = 
	disable spoolss = No
	addport command = 
	enumports command = 
	addprinter command = 
	deleteprinter command = 
	show add printer wizard = Yes
	os2 driver map = 
	mangling method = hash2
	mangle prefix = 1
	max stat cache size = 0
	stat cache = Yes
	machine password timeout = 604800
	add user script = 
	rename user script = 
	delete user script = 
	add group script = 
	delete group script = 
	add user to group script = 
	delete user from group script = 
	set primary group script = 
	add machine script = 
	shutdown script = 
	abort shutdown script = 
	username map script = 
	logon script = 
	logon path = \\%N\%U\profile
	logon drive = 
	logon home = \\%N\%U
	domain logons = No
	os level = 20
	lm announce = Auto
	lm interval = 60
	preferred master = Auto
	local master = Yes
	domain master = Auto
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = Yes
	wins proxy = No
	wins server = 
	wins support = No
	wins hook = 
	kernel oplocks = Yes
	lock spin count = 3
	lock spin time = 10
	oplock break wait time = 0
	ldap admin dn = 
	ldap delete dn = No
	ldap group suffix = 
	ldap idmap suffix = 
	ldap machine suffix = 
	ldap passwd sync = no
	ldap replication sleep = 1000
	ldap suffix = 
	ldap ssl = 
	ldap timeout = 15
	ldap page size = 1024
	ldap user suffix = 
	add share command = 
	change share command = 
	delete share command = 
	eventlog list = 
	config file = 
	preload = 
	lock directory = 
	pid directory = /var/run/samba
	utmp directory = 
	wtmp directory = 
	utmp = No
	default service = 
	message command = 
	get quota command = 
	set quota command = 
	remote announce = 
	remote browse sync = 
	socket address = 0.0.0.0
	homedir map = auto.home
	afs username map = 
	afs token lifetime = 604800
	log nt token command = 
	time offset = 0
	NIS homedir = No
	usershare allow guests = No
	usershare max shares = 0
	usershare owner only = Yes
	usershare path = /var/run/samba/usershares
	usershare prefix allow list = 
	usershare prefix deny list = 
	usershare template share = 
	panic action = /usr/share/samba/panic-action %d
	host msdfs = Yes
	passdb expand explicit = No
	idmap backend = 
	idmap uid = 
	idmap gid = 
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = \
	winbind cache time = 300
	winbind enum users = No
	winbind enum groups = No
	winbind use default domain = No
	winbind trusted domains only = No
	winbind nested groups = Yes
	winbind nss info = template
	winbind refresh tickets = No
	winbind offline logon = No
	comment = 
	path = 
	username = 
	invalid users = root
	valid users = 
	admin users = 
	read list = 
	write list = 
	printer admin = 
	force user = 
	force group = 
	read only = Yes
	acl check permissions = Yes
	acl group control = No
	acl map full control = Yes
	create mask = 0744
	force create mode = 00
	security mask = 0777
	force security mode = 00
	directory mask = 0755
	force directory mode = 00
	directory security mask = 0777
	force directory security mode = 00
	force unknown acl user = No
	inherit permissions = No
	inherit acls = No
	inherit owner = No
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 
	hosts deny = 
	allocation roundup size = 1048576
	aio read size = 0
	aio write size = 0
	aio write behind = 
	ea support = No
	nt acl support = Yes
	profile acls = No
	map acl inherit = No
	afs share = No
	block size = 1024
	change notify timeout = 60
	max connections = 0
	min print space = 0
	strict allocate = No
	strict sync = No
	sync always = No
	use sendfile = No
	write cache size = 0
	max reported print jobs = 0
	max print jobs = 1000
	printable = No
	printing = bsd
	cups options = 
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	lppause command = 
	lpresume command = 
	queuepause command = 
	queueresume command = 
	printer name = 
	use client driver = No
	default devmode = Yes
	force printername = No
	default case = lower
	case sensitive = Auto
	preserve case = Yes
	short preserve case = Yes
	mangling char = ~
	hide dot files = Yes
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	delete veto files = No
	veto files = 
	hide files = 
	veto oplock files = 
	map archive = Yes
	map hidden = No
	map system = No
	map readonly = yes
	mangled names = Yes
	mangled map = 
	store dos attributes = No
	dmapi support = No
	browseable = Yes
	blocking locks = Yes
	csc policy = manual
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = Auto
	share modes = Yes
	dfree cache time = 0
	dfree command = 
	copy = 
	include = 
	preexec = 
	preexec close = No
	postexec = 
	root preexec = 
	root preexec close = No
	root postexec = 
	available = Yes
	volume = 
	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	dont descend = 
	magic script = 
	magic output = 
	delete readonly = No
	dos filemode = No
	dos filetimes = Yes
	dos filetime resolution = No
	fake directory create times = No
	vfs objects = 
	msdfs root = Yes
	msdfs proxy = 

[home]
	comment = Dsk2 (P:)
	path = /home
	read only = No
	create mask = 0770

[homes]
	comment = Home directory (H:)
	path = /home/people/%S
	read only = No
	create mask = 0775
	browseable = No

[www]
	comment = Besdev01 www
	path = /var/www
	read only = No
	create mask = 0775
	force directory mode = 0775

[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Andrey Repin]

Greetings, Michel Bardiaux!

>>> I have also tried the same as you did (len.sh on a samba share) and
>>> saw the same problem. Then I saw that the len.sh got a (cygwin *and* 
>>> linux) mode of -rwxrw-r-- *without* doing any chmod. Then I saw that 
>>> *every* file I create on the samba share, gets the same mode!
>>
>> testparm -s
>> please.

> Yes, this explains a lot - but not completely. The relevant lines being
> the create masks:

> 0744 for global, 0755 for homes (the relevant share in my case), 0022 as
> cygwin umask.

> I would expect files created on the cygwin side to have 0755 on the
> linux side (or possibly masked by global and/or umask). I do not see how
> I end up with 0764.

I can't tell much either, but take this as a note:
create mask = what bits can be set by client at creation time.
security mask = what bits can be edited afterward.
create mode = default bits to be set.
force mode = bits that will be enforced on resulting mask.

I'll leave a live example from one of my live servers:

[D]
        comment = Projects
        path = /home/.shares/d
        force group = DomainUsers
        read only = No
        create mask = 0775
        force create mode = 0664
        security mask = 0775
        force security mode = 0664
        directory mask = 0775
        force directory mode = 0775
        directory security mask = 0775
        force directory security mode = 0775

What this does is the following:
It makes sure that directories and files inside are owned by DomainUsers group.
It makes sure that group have at least read and write access to the files.
It makes sure that group and guests have listing and traverse rights on directories.

Another point of note: from my memory, samba fakes ACLs to represent
permissions. This may include many strange things.
For example, most of that ^^ directory content has 0777 perms, but when I
look from Cygwin, it coming out more granular.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 24.04.2012, <18:18>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

> From Andrey Repin

[snip]

>> 0744 for global, 0755 for homes (the relevant share in my case), 0022

>> as cygwin umask.

Sorry, correction: create mask 0744, create mode 0755. Which does help
my confusion:

>> I would expect files created on the cygwin side to have 0755 on the 
>> linux side (or possibly masked by global and/or umask). I do not see 
>> how I end up with 0764.

[snip]

> Another point of note: from my memory, samba fakes ACLs to represent
permissions. This may include > many strange things.
> For example, most of that ^^ directory content has 0777 perms, but
when I look from Cygwin, it
> coming out more granular.

Which is why in this discussion I have always checked the mode on the
nix side, using ssh.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Andrey Repin]

Greetings, Michel Bardiaux!

>> Another point of note: from my memory, samba fakes ACLs to represent
>> permissions. This may include many strange things.
>> For example, most of that ^^ directory content has 0777 perms, but
>> when I look from Cygwin, it
>> coming out more granular.

> Which is why in this discussion I have always checked the mode on the
> nix side, using ssh.

Mode on the *nix side seems unimportant, as Samba fakes ACL, if client do not
understand native modes.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 24.04.2012, <21:06>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Michel Bardiaux]

> From: Andrey Repin
> Mode on the *nix side seems unimportant, as Samba fakes ACL, if client
do not understand native
> modes.

It is unimportant if the samba share is just a file server for Windows
machines. But if you also work on 'nix machines, locally on that server
or via nfs, then you want modes that actually make sense from a 'nix
POV. "All files are executable" does not qualify...

Greetings,
(s) M. Bardiaux

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin 1.7.13-1: can't execute shell scripts on samba share

[Andrey Repin]

Greetings, Michel Bardiaux!

>> From: Andrey Repin
>> Mode on the *nix side seems unimportant, as Samba fakes ACL, if client do
>> not understand native modes.

> It is unimportant if the samba share is just a file server for Windows
> machines.

It is unimportant in the currently discussed issue.

> But if you also work on 'nix machines, locally on that server
> or via nfs, then you want modes that actually make sense from a 'nix
> POV. "All files are executable" does not qualify...

You'd want to sort this with Samba, then.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 26.04.2012, <22:46>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple