NT file-permissions

Jeremy Allison jallison at cthulhu.engr.sgi.com
Tue Jul 20 16:40:26 GMT 1999

Cole, Timothy D. wrote:
> Hrm; are you talking about "faking" full ACLs in Samba itself (probably
> using metadata stored in files someplace), or simply supporting (exposing)
> native ACLs on those Unices that have them?
> I'm don't think the former is a good idea:  it causes the burden of access
> control to fall on Samba, rather than the OS.  Among other things, that
> would allow (indeed, require, if the underlying OS did not support ACLs) the
> access granted by Samba and the OS to get out of sync.
> The latter, however, is probably a good idea.  Note that, as there is no
> apparent standard for ACL implementations under Unix, a separate
> implementation is needed for each OS.  I've been playing with some ideas for
> an HP-UX implementation, myself.  Probably what's needed first is a set of
> generic utility functions to get/set NT ACLs on Unix files, with the actual
> implementation varying depending on the host OS.

Yep, that's exactly what I'm planning for a future release.

I intend to abstract the ACL interfaces (which are different
on almost *every* UNIX, as the POSIX committee failed to
agree - arghhhhh !) in the same way as the lib/system.c

I'll probably implement them on IRIX first as that's what
I have access to, but I'll use this list to try and design
the interface first, so hopefully multiple people can work
on implementations at the same time.


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list