[Samba] VFS ACL modules - question to developers

David Roid dataroid at gmail.com
Mon Dec 5 18:29:46 MST 2011


Got it, thanks for the clarification.

2011/12/6 Jeremy Allison <jra at samba.org>

> On Tue, Dec 06, 2011 at 02:16:34AM +0800, David Roid wrote:
> > Hi Jeremy,
> >
> > I can understand the limit of acl_xattr because every specific file system may
> > impose a limit on number of extended attributes. But now that with acl_tdb ACLs
> > are stored in tdb file, should not there be nothing to do with file system?
>
> The acl_tdb module layers a storage of the pristine Windows ACL
> into a tdb, but in order for the underlying file system permissions
> to accurately reflect those Windows permissions we still have
> to map the Windows ACL onto the underlying file system ACL.
>
> If we didn't do this NFS access or local process access
> would completely ignore the Windows permissions (which is
> not what most people want).
>
> We could extend the acl_tdb and acl_xattr modules so
> that they never consider the underlying file system permissions,
> but that would completely divorce the Windows permissions
> from the local filesystem permissions. We don't do that
> yet (it would need some additional coding) as no one has
> ever demanded that as a feature.
>
> It would only work for a Windows-only (CIFS/SMB/SMB2-only)
> fileserver with no NFS or local access allowed.
>
> Jeremy.
>

