Samba on Linux with no ACL's is making things tough
David Collier-Brown - Sun Canada
davecb at scot.canada.sun.com
Sun Apr 2 22:40:47 GMT 2000
Michael Marschall wrote:
| Actually putting SAMBA on a Solaris, HP-UX or SGI box defeats the purpose
| of me using SAMBA in the first place (lower cost).
Fair enough: I had hoped you had one around somewhere.
[Semi-serious suggestion from my employer: run Solaris x86,
for the cost of media, see
http://www.sun.com/developers/tools/solaris/solarispromo.html]
| I just cannot believe that nobody has
| found a way to function in a complex sharing environment with Linux and
| Samba. It leads me to think that Samba is only good for two situations, 1)
| When you have a UNIX OS with ACLs in the underlying file system or 2) if
| you have very unsophisticated file storage setup.
In fact, you have an unusual case, one which Thompson and Ritchie
consciously left out. Their replacement (groups) was insufficient.
They really didn't want to get into "security aware" OSs, ones
in which the users were expected to want to blow away each other.
Unix can be adapted to this case, but it's hard. For years,
the only "B2 Secure" OS was Multics, which ran on $1 Million
hardware...
I've been actively following the ACL discussion on samba-technical,
and the Samba folks are coding for ACLS as we speak, but you
have to have "something there" to code to. They really have to add
them on top of an acl-aware filesystem. Please note: this
includes Linux NTFS, as well as other more experimental FSs.
This, however, will not appear in time to be a decent approach
for your current problem. So you're probably stuck with NT
for this particular filesystem tree. If you want to introduce
Samba to the mix, consider using it to export your binaries
tree(s).
--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632
More information about the samba
mailing list