Dear OMV users / developers.
I just upgraded my "Server" (It's actually a TerraMaster F5-221 NAS with Intel CPU) to Debian 11 Bullseye and also installed OMV 6 and pi-hole on it natively (without a container) - works fine so far, but OMV 6 seems to have an issue with SMB shares that was not present in OMV 5.
I noticed that I was not able to run any downloaded EXE files from my Downloads folder on my Server running OMV 6. That actually happened twice now, the first time I was able to get it running by completely removing the share, the shared folder, the file system, the RAID and finally wiped all three harddisks and started from scratch by restoring a backup. This time I did the same (reinstalled Debian since I swapped the SSD in the server) but this time I went for BTRFS instead of EXT4 as file system - and this time the execution policy issue was still there after.
It seems to me that OMV does not set the ACL execution policy properly (just a guess) on the share. If I open the security settings of the EXE in Windows, the file has missing execution rights for "Users" despite the permissions are set accordingly (see below). The same is shown by chmod in Midnight commander from a SSH shell.
I managed to get around the issue by setting the parameter
acl allow execute always = yes
In the "Extras" section of the ACL settings of the share - afterwards it works just fine. I don't care if execution is allowed in every case now since it was not restricted in the first place.
Did I overlook something or is this an issue with OMV 6?
Windows 11 / No execution possible on share / Windows 11, OMV parameter set, execution works
OMV share ACL
The share access user is part of the user groups "users", "smbshare" and "minidlna" (minidlna is also installed), as you see above, the ACL is set to give read/write/execute rights to the group "users". Just in case the list of manual assignments (right screenshot above) overwrites the execution policy, i deleted the share and did not tick the read/write box on the user groups exept minidlna as read only.