[jcifs] support for AD ACLs

Michael B Allen mba2000 at ioplex.com
Mon Oct 24 22:48:32 GMT 2005


On Mon, 24 Oct 2005 14:40:06 -0500
"rob" <cnei at usa.net> wrote:

> Smbcacls is a tool you can use from the Linux command like to view ACLs on
> remote samba shares.  As I understand it, it's 'partially' compatible,
> resulting in errors that many may not really care about.  It looks to be
> fairly accurate.
> 
> BTW: This is a google post from a couple weeks ago.  Haven't gotten a reply
> yet.

JCIFS doesn't communicate with the local "filesystem that supports
ACLs (like ext3)" so there are no "minor incompatibilities" to deal
with. Presumably you're referring to the deferrences between POSIX and
CIFS ACLs. If you went through Samba you could use JCIFS provided it
had the code to get security descriptors in which case Samba would be
responsible for any "incompatibilites".

But it doesn't have the code to read security descriptors because we
would also need RPCs to resolve the SIDs in the ACEs. Otherwise you
can't see the names of the users and groups. To resolve the SIDs you
need Jarapac (and there are examples that do just that) but putting it
all together in a coherent distribution is something I just don't have
Free time for anymore.

Mike

> Reading Windows ACLs from Java/Linux
> 	
> cnei at usa.net 	  Oct 18, 9:57 pm     show options
> Newsgroups: mailing.unix.samba-technical, comp.lang.java.advocacy,
> comp.lang.java.programmer
> From: c... at usa.net - Find messages by this author
> Date: 18 Oct 2005 19:57:07 -0700
> Local: Tues, Oct 18 2005 9:57 pm
> Subject: Reading Windows ACLs from Java/Linux
> Reply | Reply to Author | Forward | Print | Individual Message | Show
> original | Report Abuse
> 
> Hello World,
> 
> I'm looking for ways to read Windows ACLs for files and directories
> from a Linux JVM.  I've seen references to jCIFS and jarapac when
> others have asked the question, but looking into those options further
> I haven't found any examples, APIs, or Javadocs that explain how to do
> it.
> 
> Other sources I've encountered seem to imply the need to make such
> interrogations from a file system that supports ACLs (like ext3) and
> even then, minor incompatibilities could cause some errors.  If that's
> the case, I suppose that would make things tough for jCIFS and jarapac.
> 
> Does anyone have insight on how ACL access can be gained from a Linux
> JVM?  And if a package does not exist to do this, could someone clarify
> the difficulties in doing so?
> 
> TIA!
> 
>          -cnei!
> 
> 
> 
> > -----Original Message-----
> > From: jcifs-bounces+cnei=usa.net at lists.samba.org [mailto:jcifs-
> > bounces+cnei=usa.net at lists.samba.org] On Behalf Of Michael B Allen
> > Sent: Monday, October 24, 2005 1:07 PM
> > To: James Maupin
> > Cc: jcifs at samba.org
> > Subject: Re: [jcifs] support for AD ACLs
> > 
> > What is smbcacls?
> > 
> > On Mon, 24 Oct 2005 09:22:13 -0500
> > "James Maupin" <james.maupin at metacarta.com> wrote:
> > 
> > > Michael,
> > >
> > > Do you know of anybody adding smbcacls like functionality to jcifs? Or,
> > for
> > > that matter, do you know of anybody porting smbcacls to java?
> > >
> > > Thanks in advance.
> > >
> > > regards,
> > > James
> > >
> > > -------------------------------------
> > > James Maupin
> > > Business Development Engineer, Energy
> > >
> > > MetaCarta, Inc. ( www.metacarta.com )
> > > 1155 Dairy Ashford
> > > Suite 201
> > > Houston, TX 77079
> > >
> > > Tel: (832) 300-8800 USA
> > > Mob: (832) 746-6802 USA
> > > james.maupin at metacarta.com
> > >
> 


More information about the jcifs mailing list