security mask/force security mode semantics (Was: RE: Samba 2.0.5
released.)
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Wed Jul 21 16:50:15 GMT 1999
> -----Original Message-----
> From: Jeremy Allison [SMTP:jallison at cthulhu.engr.sgi.com]
> Sent: Tuesday, July 20, 1999 21:58
> To: Multiple recipients of list SAMBA-TECHNICAL
> Subject: Samba 2.0.5 released.
>
> docs/textdocs/NT_Security.txt
> docs/htmldocs/NT_Security.html
>
Hrm; the mask descriptions aren't _quite_ accurate:
"Essentially, zero bits in the "security mask" mask may be treated
as a set of bits the user is not allowed to change, and one bits are those
the user is allowed to change."
This is not correct; zero bits in the security mask indicate bits
that the user is permitted to clear, but not set.
"Essentially, bits set in the "force security mode" parameter may be
treated as a set of bits that, when modifying security on a file, the user
has always set to be 'on'."
Likewise, bits set in the "force security mode" indicate bits that
the user is permitted to set but not clear.
Hrm... I'm still not sure I'm explaining this clearly, either.
It's a hard behavior to describe succinctly...
It might be a good idea to include a transition table to illustrate
this (I hope you're not using a proportional font):
Original Value: | 0 | 1 |
Security Mask: | 0 | 1 | 0 | 1 |
Force Security Mode: | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 |
--+---+---+---+---+---+---+---+---+
0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 |
Desired Value: --+---+---+---+---+---+---+---+---+
1 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 |
--+---+---+---+---+---+---+---+---+
The order in which the mask and force mode are applied is not
significant.
Ugh. I think even the table is confusing...
More information about the samba-technical
mailing list