generic ACL interface (RFC)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Jul 28 17:17:44 GMT 1999
On Wed, 28 Jul 1999, Cole, Timothy D. wrote:
> > -----Original Message-----
> > From: Jean Francois Micouleau [SMTP:Jean-Francois.Micouleau at dalalu.fr]
> > Sent: Tuesday, July 27, 1999 17:27
> > To: Multiple recipients of list SAMBA-TECHNICAL
> > Subject: Re: generic ACL interface (RFC)
> >
> > On Wed, 28 Jul 1999, Cole, Timothy D. wrote:
> >
> > > typedef struct acl_entry_info {
> > > ACL_ENTRY_TYPE type;
> > > int32 flags;
> > > uid_t user_id;
> > > DOM_SID user_sid;
> > > gid_t group_id;
> > > DOM_SID group_sid;
> > > struct {
> > > int32 allow;
> > > int32 deny;
> > > } perms;
> > > } ACL_ENTRY;
> >
> > why do you want to mix uid/gid and sid in the ACL_ENTRY ? If the structure
> > is representing the POSIX theorical view, only Unix informations should be
> > in.
> > And some rid<->uid/gid functions already exist in samba.
> >
> The dual uid/gid + suid thing is there for situations where there
> may be a specific SID associated with the ACL, but not a user id to go with
> it (unless all of the unmapped SIDs are squashed to root or something).
> ACLs returned from the client, for instance.
the "duality" i would like to be kept in a separate structure, tim, which
the ACL system can look up or retain a pointer to it.
> I dunno; I guess I'll try a first implementation without the SIDs,
> as you suggest.
i'll read more messages, see if you commented on my message from yesterday
before responding to this.
luke
More information about the samba-technical
mailing list