Samba support for ACLs

Andrew Tridgell tridge at
Tue Aug 25 04:19:05 GMT 1998

> Solaris ACLs are support by the open call.  If an ACL permits or
> denies you permission based upon extended attributes, the open call
> will succeed or fail accordingly.

great, then it must be just cosmetics that need to be fixed.

> The dos_mode function reports the read-only attribute, amoung others, to
> the client for a file.  It appears to me that when Samba tells the client
> that it has read-only access to a file, the client will not attempt to
> open the file for writing.  For instance, MS Word reports opened files as
> read-only even though an open for read/write by the OS will succeed.  My
> change is to change what Samba reports to the client concerning read-only
> status.  I do not have an intention of affecting the code that does a
> physical file open.

I'd suggest you instead just set "alternate permissions = yes". This
will be the default for Samba 2.0 anyway (if I get my way). It means
that the file is marked as writeable if the owner can write it. This
is closer to what NT does.

> Because the open function supports ACLs, am I correct that the
> race condition that you referenced is not a factor?

yes, the race is not a factor in this case, but I wouldn't bother
making the change as I plan on removing that code for Samba 2.0
anyway, and just using the:

    if ((sbuf->st_mode & S_IWUSR) == 0)
      result |= aRONLY;


Cheers, Tridge

PS: CCd to samba-technical as I think this may interest some people.

More information about the samba-technical mailing list