[PATCH] Maintain DOS attributes of externally copied file
ZINKEVICIUS,MATT (HP-Loveland,ex1)
matt_zinkevicius at hp.com
Wed Aug 8 01:05:14 GMT 2001
> So what changes would be made by this daemon? Am I right in
> guessing it's
> POSIX ACLs?
The daemon calls a tool which copies/removes the security descritor for that
file. Not using POSIX ACLs, but true NT security descriptors (and DOS
attributes), which are stored in a database. Filesystems with extended
attributes wouldn't need this daemon as the security descritor is
copied/deleted along with the file. Samba then uses these security
descriptors to enforce security rather than the current model of using unix
permissions, which makes the server much more compatible(*) in NT
environments.
(*) Currently the patch lives within samba's VFS (posix call wrapper) layer.
Jeremy was here recently and we both agreed that there needs to be another
VFS layer at the SMB call level and my patch should use that. Because it's
at the posix call layer though, some functions cannot determine their
calling context fully and therefore can't be emulated. As an example,
allow/deny file execution cannot be enforced, because of lack of context.
--Matt
More information about the samba-technical
mailing list