generic ACL interface (RFC)

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed Jul 28 17:17:44 GMT 1999


On Wed, 28 Jul 1999, Cole, Timothy D. wrote:

> > -----Original Message-----
> > From:	Jean Francois Micouleau [SMTP:Jean-Francois.Micouleau at dalalu.fr]
> > Sent:	Tuesday, July 27, 1999 17:27
> > To:	Multiple recipients of list SAMBA-TECHNICAL
> > Subject:	Re: generic ACL interface (RFC)
> > 
> > On Wed, 28 Jul 1999, Cole, Timothy D. wrote:
> > 
> > > typedef struct acl_entry_info {
> > > 	ACL_ENTRY_TYPE type;
> > > 	int32 flags;
> > > 	uid_t user_id;
> > > 	DOM_SID user_sid;
> > > 	gid_t group_id;
> > > 	DOM_SID group_sid;
> > > 	struct {
> > > 		int32 allow;
> > > 		int32 deny;
> > > 	} perms;
> > > } ACL_ENTRY;
> > 
> > why do you want to mix uid/gid and sid in the ACL_ENTRY ? If the structure
> > is representing the POSIX theoretical view, only Unix information should be
> > in.
> > 
> > And some rid<->uid/gid functions already exist in samba.
> > 
> 	The dual uid/gid + suid thing is there for situations where there
> may be a specific SID associated with the ACL, but not a user id to go with
> it (unless all of the unmapped SIDs are squashed to root or something).
> ACLs returned from the client, for instance.

the "duality" i would like to be kept in a separate structure, tim, which
the ACL system can look up or retain a pointer to it.

> 	I dunno; I guess I'll try a first implementation without the SIDs,
> as you suggest.

i'll read more messages, see if you commented on my message from yesterday
before responding to this.

luke
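
Added example, not part of the original message and not Samba code: a C sketch of an ACL entry that keeps only a pointer to a separate identity record holding the SID and its optional Unix id, so a SID with no uid is never treated as uid 0. All EX_ names, the string-form SID, the sample data and the allow/deny evaluation rule are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical identity record: the SID plus an optional Unix mapping. */
typedef struct {
    const char *sid;      /* string form stands in for DOM_SID */
    int has_unix_id;      /* 0: SID known, but no uid/gid goes with it */
    int is_group;
    uid_t uid;
    gid_t gid;
} EX_IDENTITY;

/* The ACL entry holds permissions and a pointer to the identity only. */
typedef struct {
    const EX_IDENTITY *who;
    int32_t allow, deny;
} EX_ACL_ENTRY;

/* Constructed sample data: one mapped user, one SID with no Unix id. */
static const EX_IDENTITY ex_ids[] = {
    { "S-1-5-21-1-2-3-1001", 1, 0, 1000, 0 },
    { "S-1-5-21-1-2-3-1002", 0, 0, 0, 0 },   /* uid field is unset, not root */
};
static const EX_ACL_ENTRY ex_acl[] = {
    { &ex_ids[0], 0x7, 0x2 },
    { &ex_ids[1], 0x7, 0x0 },
};

/* Find the identity record for a SID; NULL when the SID is unknown. */
const EX_IDENTITY *ex_lookup_sid(const char *sid) {
    for (size_t i = 0; i < sizeof ex_ids / sizeof ex_ids[0]; i++)
        if (strcmp(ex_ids[i].sid, sid) == 0) return &ex_ids[i];
    return NULL;
}

/* Assumed evaluation rule: union of allow bits minus any deny bit. */
int32_t ex_perms_for_uid(uid_t uid) {
    int32_t allow = 0, deny = 0;
    for (size_t i = 0; i < sizeof ex_acl / sizeof ex_acl[0]; i++) {
        const EX_IDENTITY *w = ex_acl[i].who;
        /* Entries for unmapped SIDs and groups never match a Unix user. */
        if (!w->has_unix_id || w->is_group || w->uid != uid) continue;
        allow |= ex_acl[i].allow;
        deny  |= ex_acl[i].deny;
    }
    return allow & ~deny;
}

int main(void) {
    printf("uid 1000: %#x, uid 0: %#x\n",
           (unsigned)ex_perms_for_uid(1000), (unsigned)ex_perms_for_uid(0));
    return 0;
}
```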


