Can anyone please comment on the use of “acl allow execute always=yes” under Auxillary Parameters in the Advanced Options SMB share edit menu? Adding this parameter lets me open executable files in Windows from my TrueNAS SMB share. Without this parameter, I get permissions error messages from Windows. Not sure this is the ONLY (much less BEST) approach to running executable files from a TrueNAS Core SMB share.
/*
* Samba 3.6 and earlier granted execute access even
* if the ACL did not contain execute rights.
* Samba 4.0 is more correct and checks it.
* The compatibility mode allows one to skip this check
* to smoothen upgrades.
*/
if (lp_acl_allow_execute_always(SNUM(fsp->conn))) {
do_not_check_mask |= FILE_EXECUTE;
}
status = smbd_check_access_rights_fname(fsp->conn,
fsp->fsp_name,
use_privs,
access_mask,
do_not_check_mask);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
return status;
}
The best approach is to simply grant your users these permissions in the file ACL. This is an old hack for Samba 3.6 compatibility.