[PROPOSAL] extend UNIX_INFO2 to flag extended access controls (take 2)
James Peach
jpeach at apple.com
Fri Jan 25 18:00:43 GMT 2008
On Jan 25, 2008, at 9:51 AM, Steve French wrote:
> James Peach wrote:
>
>> Hi all,
>>
>> This is a modified version of my earlier proposal,
>> <http://marc.info/?l=samba-technical&m=120103599815292&w=2>
>>
>> I think that this version clarifies my intent and solves the
>> backwards compatibility/versioning problem.
>>
>> 1. The Problem
>>
>> The fundamental problem is that a SMB client that uses UNIX_INFO2
>> isn't able to use the Permissions field to evaluate access(2) if
>> the server implements a permissions model that goes beyond the
>> basic Unix permissions bits.
>>
>> However, even when the server implements an extended permissions
>> model, most files residing on the server do not have extended
>> permission applied to them.
>>
>> If the Unix permissions are the only access control on the file,
>> then the client can accurately handle access(2) calls without
>> making further round trips to the server (as long as it is
>> prepared to live with the race condition).
>>
>> 2. The Proposal
>>
>> #define UNIX_NO_EXTENDED_PERMISSIONS (1<<63)
>>
>> The server MAY set the UNIX_NO_EXTENDED_PERMISSIONS bit in the
>> UNIX_INFO2 Permissions field if this field completely describes
>> the permissions of the file.
>>
>> That is, if the server sets this bit, it is indicating to the
>> client that the file has no access control other than the Unix
>> permissions bits described in the SNIA QUERY_FILE_UNIX_BASIC
>> documentation.
>>
>> 3. Compatibility
>>
>> Existing servers that support the Unix extensions leave the
>> UNIX_NO_EXTENDED_PERMISSIONS clear, indicating that there MAY be
>> an extended permissions model in use. In this case, clients SHOULD
>> use their existing strategies for presenting permissions to the
>> user and for evaluating access(2).
>>
>>
> I don't mind this (evaluating the permission call properly would be
> helpful), but I am most concerned with how expensive it is to do
> this on the server. If it is too slow, it is cheaper to have the
> client query.

I guess that only servers that can figure this out cheaply would ever
set the UNIX_NO_EXTENDED_PERMISSIONS bit. If it's too expensive to
figure out, they just stick with today's status quo.

Note that if the UNIX_NO_EXTENDED_PERMISSIONS is clean it doesn't mean
that there *is* definitely extended permissions, only that there might
be. Just like today.
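
Added example (not part of the original message and not Samba or CIFS client code): a sketch of how a client could act on the proposed bit when answering access(2), deciding locally only when the server has set it. The struct caller type, the eval_access() name, the WANT_* constants and the assumption that the low nine bits of Permissions use the usual octal rwx layout are illustrative; superuser override is not modelled.

```c
#include <stddef.h>
#include <stdint.h>

/* Flag bit from the proposal: Permissions fully describes access. */
#define UNIX_NO_EXTENDED_PERMISSIONS (1ULL << 63)

/* access(2)-style request bits, defined locally for the example. */
enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };

enum access_result { ACCESS_GRANTED, ACCESS_DENIED, ACCESS_ASK_SERVER };

/* Hypothetical caller identity, already mapped into the server's id space. */
struct caller {
    uint32_t uid;
    const uint32_t *gids;   /* primary + supplementary groups */
    size_t ngids;
};

static int in_group(const struct caller *c, uint32_t gid)
{
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == gid)
            return 1;
    return 0;
}

enum access_result eval_access(uint64_t permissions, uint32_t file_uid,
                               uint32_t file_gid, const struct caller *c,
                               unsigned want)
{
    /* Bit clear: extended controls MAY exist, so keep the existing strategy. */
    if (!(permissions & UNIX_NO_EXTENDED_PERMISSIONS))
        return ACCESS_ASK_SERVER;

    /* Assumption: rwx triplets use the usual octal layout (0400 ... 0001). */
    unsigned mode = (unsigned)(permissions & 0777);
    unsigned granted;

    /* Exactly one class applies: owner, else group, else other. */
    if (c->uid == file_uid)
        granted = (mode >> 6) & 7;
    else if (in_group(c, file_gid))
        granted = (mode >> 3) & 7;
    else
        granted = mode & 7;

    return (want & ~granted) == 0 ? ACCESS_GRANTED : ACCESS_DENIED;
}
```

A locally computed answer is still subject to the race condition mentioned in the proposal, so the server's result on the actual operation remains authoritative.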