What to do when Windows client asks you to set permissions that
you can't?
Richard Sharpe
rsharpe at richardsharpe.com
Wed Mar 19 22:40:24 GMT 2003
On Wed, 19 Mar 2003, Ken Cross wrote:
> Richard:
>
> By all means, leave them not trusting the file system. ;-)
>
> Seriously, we have a similar situation, where we have almost-Windows
> ACLs. It's a continuing problem.
>
> However, we've found it best to do whatever is appropriate to avoid
> alarming the user. Typically, this means silently doing the
> next-best-thing, whatever that is.
>
> An example is setting Read Attributes, but disabling Read Extended
> Attributes. We don't implement them both, so we set them both to
> whatever the last request was.
Hmmm, that sounds like you have the bits in your ACLs, but do not
implement the semantics associated with them?
As far as I can see, Windows requires that you have WRITE_DATA,
WRITE_ATTRIBUTES and WRITE_EXTENTED_ATTRIBUTES to allow you to write to a
file.
This seems surprising, but not unexpected given that NTFS implements file
data as the unnamed $DATA attribute :-)
> It ain't perfect, but it's an approximation anyhow.
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list