Support for Solaris ACL?
David Collier-Brown
davecb at Canada.Sun.COM
Thu Feb 5 14:53:52 GMT 1998
You wrote:
| The problem is, that I need to share these files with Samba, to Win95
| clients. When doing this people don't get the rights the need, because
| Samba don't support/respect the additionally rights given in the ACLs.
| So my question is, will Samba get support for Solaris ACL system?
It sorta does and sorta doesn't...
If I set up a file with specific ACLs on Solaris and share it
via Samba, the samba server process will honour the ACLs because it has
to: Solaris enforces them on it.
Therefor the file will be acessable/inacessable to a user accessing
them via Samba just as if she was accessing them on Solaris.
The file will retain the ACLs **UNLESS** the user happens to access
it with a program that goes...
rename file X to X.BAK
open file X.BAK for read
open file X for update
copy from X.BAK to X
change contents
flush changes to X
close both
exit
This scenario will cause the client machine to have Samba open
a new file. As Samba doesn't grok ACLs. it can't provide the
acls or permissions of X to the application, and the application can't
reproduce them when opening the ``new'' X.
Poof! the ACLs appear to disappear!
Programs which copy to X.BAK and then directly edit X will leave
X ``correct'' in this scenario, but X.BAK will me be missing ACLs...
which may turn out to be A Bad Thing.
Try a trivial test to see if this is what is happening... Feel free
to send me logs and questions.
--dave c-b
[ps: in a previous life as DRBrown.TSDC at HI-Multics.ARPA, I had to
learn ACLS. Ugh! I found Mandatory Access easier to understand.
Oh well, I now know enough to be dangerous (:-)]
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | davecb at hobbes.ss.org, canada.sun.com
M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
More information about the samba
mailing list