https://bugzilla.samba.org/show_bug.cgi?id=14507 Bug ID: 14507 Summary: cifs ACL exec permission granted where it should be denied Product: CifsVFS Version: 5.x Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: kernel fs Assignee: sfrench@xxxxxxxxx Reporter: bjacke@xxxxxxxxx QA Contact: cifs-qa@xxxxxxxxx Target Milestone: --- if the owner of a file has exec permission, then cifs vfs seems to generally grants exec permission on files where ACL does not actually grant exec permission. Example: bjacke@cifstest1:/mnt3/a$ getcifsacl test.txt REVISION:0x1 CONTROL:0x8c04 OWNER:S-1-5-21-4207148185-4040488370-1588356217-500 GROUP:S-1-5-21-4207148185-4040488370-1588356217-513 ACL:S-1-5-21-4207148185-4040488370-1588356217-500:ALLOWED/I/FULL ACL:S-1-5-21-4207148185-4040488370-1588356217-513:ALLOWED/I/R ACL:BUILTIN\Users:ALLOWED/I/R I'm connected with a user who is just in the Users group and I *can* execute the test.txt file. This should not be allowed. Only Administrator (S-1-5-21-4207148185-4040488370-1588356217-500) has execute permission according to the ACL. -- You are receiving this mail because: You are the QA Contact for the bug.
