NT file-permissions

Allan Bjorklund allan at umich.edu
Thu Jul 22 14:26:22 GMT 1999

--On Wednesday, July 21, 1999, 5:40 PM +1000 Robert Frank
<frank at ifi.unibas.ch> wrote:

>  > --On Wednesday, July 21, 1999, 6:09 AM +1000 Oliver Raupach
>> <oliver at mm.gop.de> wrote:
>> > "Cole, Timothy D." wrote:
>> >> 
>> >> Hrm; are you talking about "faking" full ACLs in Samba itself
>> >> (probably using metadata stored in files someplace)
>> > 
>> > Yes, that's exactly what I need. 
>> > 
>> > I need a "special share" which supports the NT file permissions. So, I 
>> > can add quick some users for read or write access for one single file 
>> > or directory without building UNIX-groups....
>> > 
>> >> I'm don't think the former is a good idea:  it causes the burden of
>> >> access control to fall on Samba, rather than the OS.  Among other
>> >> things, that would allow (indeed, require, if the underlying OS did
>> >> not support ACLs) the access granted by Samba and the OS to get out of
>> >> sync.
>> > 
>> > Yes, thats right. Samba has to do the whole access control stuff.
>> But then you get inconsistent behavior for the same user between
>> your UNIX/Mac/Whatever logins and NT.
> Unless you restrict the entire (sub)tree to a unique user, restrict all
> access to that user  and tell samba to access that (sub)tree as that user
> only. In this way you shut out all but the root unix users ... And if you
> really need unix access, well, use the samba libraries to build the unix
> tools ... (should be no problem with linux: a new filesystem library?)

    But all the world is not Linux and it seems really silly to add
another layer to basically undo the action of a previous layer.

    Building a specific scheme like this into SAMBA is just not good.

    Doing dynamically loaded libraries that can be loaded on a per share
basis to handle special permission schemes is.  It gives everyone the
flexibilty to do what they need.


  Allan Bjorklund                  |                  allan at umich.edu
  Systems Research Programmer      |           University of Michigan
  Research Systems UNIX Group      |               535 W. William St.
  Information Technology Division  |              Ann Arbor, MI 48103
  1-(734)-763-9391                 |                           U.S.A.

More information about the samba-technical mailing list