[linux-cifs-client] Re: [PROPOSAL] extend UNIX_INFO2 to flag extended access controls (take 2)

Steve French smfrench at austin.rr.com
Fri Jan 25 19:00:28 GMT 2008


James Peach wrote:

> On Jan 25, 2008, at 10:09 AM, simo wrote:
>
>> And we are not considering filesystems that use alternative ACL
>> implementations.
>>
>> Wouldn't it make sense to use an "access" call implemented by CIFS
>> server instead ?
>
>
> In the long run, we ought to have an access call as well. That's just  
> not something I have a detailed proposal for yet.
>
Yes, we have talked about adding an access call in the past, and it may 
be time to define it, but remember that there are multiple access models 
that a client could implement (for Linux cifs client it is configurable) 
- one in which the client is trusted and mounts e.g. as Administrator.  
In this model, the client probably wants to know more than the mode bits 
to evaluate access control (although for Linux client we do this only 
with the mode today).   The second model (the "multiuser mount" model, 
which is necessary for untrusted clients) is one in which a different 
smb uid is sent to the server based on the uid of the calling process on 
the client - in this case the server can make the access decisions 
properly based on the identity of the user who launched the process on 
the client.  Although for this second case it may make sense to define 
an access call, it does end up being very expensive (by comparison with 
NFS).



More information about the linux-cifs-client mailing list