[linux-cifs-client] Re: Status of POSIX ACLs
Steve French
smfltc at us.ibm.com
Thu Nov 18 21:07:11 GMT 2004
On Thu, 2004-11-18 at 06:00, linux-cifs-client-request at lists.samba.org
wrote:
> 2. Status of POSIX ACLs (Markus Meissner)
>
>
> From: Markus Meissner <mlist at meissner.it>
> Subject: [linux-cifs-client] Status of POSIX ACLs
> I am using samba 3.0.8 on the server and the client, both are Debian
> testing. I have recompiled the cifs-module (available on the client, kernel
> 2.6.8-1-686-smp) to support "CONFIG_CIFS_XATTR" and
> "CONFIG_CIFS_POSIX" (disabled by default). On the server I have set global
> "unix extensions = yes" and for the share "ea support = yes". The share is
> on an xfs filesystem supporting ACLs. Accessing the share from a
> windows-xp-client works as expected (incl. ACL-support). Accessing the
> share via mount.cifs works, but I can't see the ACLs via getfacl and I
> can't create/modify files if the user is allowed to via ACL but not via the
> plain unix-permissions.
>
> Can anyone tell me the status of the implementation?
XATTR support in Linux CIFS VFS works and "user." xattrs map to OS/2
style EAs (which work to Windows as well as Linux/Samba on some
filesystems including JFS/XFS/EXT3). Unfortunately I think you need
"system" xattr support which has security implications if we allowed it
(it would be trivial to implement otherwise). "POSIX" ACLs usually map
to names in a different namespace (system rather than user xattrs) IIRC
system.defaultacl etc. It would be trivial to map the system. xattrs to
EAs on the wire but the security implications worried me, as the
permissions necessary to change file/directory data (GENERIC_READ,
GENERIC_WRITE etc.) or EAs (FILE_WRITE_EA permission) are different than
the permission that should be enforced for changing ACLs (WRITE_DAC
permission) and I did not want to open a security hole where a user, who
was not even the file owner (and who does not have WRITE_DAC permission)
could overwrite the ACL of a Linux user by simply going to a Windows
client and changing the EA for that file. This may be overly
pessimistic view, because Windows does allow restricting FILE_WRITE_EA
permission (although a bit hard to find in the ACL management GUIs) and
this may be fine for most environments.
jra and others have suggested (and I strongly agree on the need) a minor
extension to the CIFS wire protocol (as part of the forthcoming "CIFS
POSIX" extensions) to handle POSIX ACLs.
More information about the linux-cifs-client
mailing list