All files on shares are created executable

I’m using Linux and SMB.

When I copy / create files on an SMB share using either POSIX or NFSv4 permissions, all files are created as executable and setgid is not respected.

What I want to do:
I’m using rsync for backup from TrueNAS and sometimes Linux. If I set permissions to NFSv4, I get a permission warning when trying to rsync -av as root.

So I went with simpler POSIX permissions on the dataset. I can also go NTFSv4 if I can rsync as root and if I can create files with 640 by default (or what I pick, 644 in some cases) as the share user.

When I copy or create files on shares, I don’t want all created files to be executable by default. I wrote a script to set permissions and ACLs just right:

  i=/mnt/volume1/testshare1
  # share name is the last path component (testshare1); the group has the same name
  sharename=$(basename "${i}")
  groupname=${sharename}

  chown -R alyx:${groupname} "${i}"
  # strip permissions before applying
  chmod -R 0000 "${i}"
  setfacl -R -bn "${i}"
  # apply permissions
  chmod -R u=rwX,g=rX,o=--- "${i}"
  # set setgid only on the top-level directory
  chmod g+s "${i}"

  # set default acl
  setfacl -m d:u::rwx "${i}"
  setfacl -m d:g::r-x "${i}"
  setfacl -d -x o:: "${i}"
  setfacl -d -m u:gordon:rX "${i}"
  setfacl -d -m u:alyx:rwX "${i}"
  setfacl -d -m u:root:rwX "${i}"

  # set recursive acls
  setfacl -R -m u:gordon:rX "${i}"
  setfacl -R -m u:alyx:rwX "${i}"
  setfacl -R -m u:root:rwX "${i}"

  setfacl -m d:m:rw "${i}"

Alyx should be able to write to the share, while Gordon may be compromised by the Combine :) so he should have read-only access.

When I do this and create a file, the file is owned by alyx:alyx despite the sticky bit being set, and it is group executable.

How can I make files written to shares not be executable by default?
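
A read-only check for the two symptoms described above (execute bits on regular files, group not inherited from the share directory), as an added example that is not part of the original post. It assumes GNU find and stat on Linux; the function name `audit_share` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a share directory after copying files in over SMB.
# Assumes GNU find and GNU stat (Linux). Changes nothing on disk.

# audit_share DIR prints one line per finding:
#   EXEC   <octal mode> <path>   regular file with any execute bit set
#   GROUP  <group> <path>        entry whose group differs from DIR's group
#   NOSGID <path>                directory without the setgid bit, so new
#                                files inside it will not inherit the group
# Returns 0 when nothing is reported, 1 when there are findings.
audit_share() {
    root=$1
    want_gid=$(stat -c '%g' "$root") || return 2
    findings=$(
        find "$root" -type f -perm /111 -printf 'EXEC %m %p\n'
        find "$root" ! -gid "$want_gid" -printf 'GROUP %g %p\n'
        find "$root" -type d ! -perm -2000 -printf 'NOSGID %p\n'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit_share.sh /mnt/volume1/testshare1
if [ "$#" -gt 0 ]; then
    audit_share "$1"
fi
```

Running it once after creating a file locally on the server and once after creating a file through the SMB client shows whether the execute bit comes from the dataset's ACL inheritance or from the SMB layer.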