Samba support for ACLs

Andrew Tridgell tridge at samba.anu.edu.au
Mon Aug 24 01:09:32 GMT 1998


> I am investigating the addition of code to Samba to allow support for ACL
> permissions under Solaris.

ok

>  I've considered adding support for the Solaris function call
> "access" inside of the dos_mode function of server.c.

don't use access(). In fact don't use any function that asks "can I do
X", you always want to say "do X" and deal with the error code
instead.

The reason is races. If smbd called access() on a file to ask "can
this user do that action on some file" then access() will say whether
that action can be done now, it won't tell you whether it can be done
in a few microseconds when you try to do the action. Malicious users
can use the race to bypass the tests.

That's why smbd only does "can I do X" type calls for unimportant
stuff (like displaying the permissions of a file in an explorer
window). smbd instead switches euid every time it wants to do an
action as a particular user and relies on the atomic nature of system
calls to ensure that no races exist.

> I'm looking for a solution that will allow users to read and
> write files for which they are given permission through an ACL.

then you will have to work out how ACLs interact with the effective
user id of the process.

     Cheers, Tridge
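
The check-then-use race and the "do X and deal with the error code" pattern from the message above, as an added example (this is not Samba's code and not part of the original post). `open_as_user` and `stale_check_demo` are hypothetical names, and the scratch files are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Do-then-handle: take on the user's euid, attempt the action, and treat the
 * result of that one open() as the permission decision. Returns an fd or
 * -errno. Group IDs are left untouched to keep the example short. */
int open_as_user(const char *path, uid_t uid, int flags)
{
    uid_t saved = geteuid();
    if (seteuid(uid) != 0)
        return -errno;
    int fd = open(path, flags);
    int err = errno;
    if (seteuid(saved) != 0) {          /* cannot restore euid: fail closed */
        if (fd >= 0) close(fd);
        return -EPERM;
    }
    return fd >= 0 ? fd : -err;
}

/* Constructed demo: access() approves the file at `a`, the file is replaced
 * before the open, and the open acts on a different inode. Returns 1 if the
 * checked and opened files differ, 0 if they match, -errno on failure. */
int stale_check_demo(void)
{
    char dir[] = "/tmp/check-use-XXXXXX", a[64], b[64];
    struct stat checked, opened;
    if (!mkdtemp(dir))
        return -errno;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    if (access(a, R_OK) != 0 || stat(a, &checked) != 0)  /* the "can I?" */
        return -errno;
    rename(b, a);                       /* the window between check and use */
    int fd = open_as_user(a, geteuid(), O_RDONLY);       /* the "do it" */
    int rc = (fd < 0) ? fd : (fstat(fd, &opened) != 0) ? -errno
                             : checked.st_ino != opened.st_ino;
    if (fd >= 0) close(fd);
    unlink(a);
    rmdir(dir);
    return rc;
}
```

The demo passes its own uid so it runs without privileges; a server running as root would pass the connected user's uid, and the kernel's verdict on that single open() is the only answer that is bound to the file actually opened.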

