inherit mode

[Jeremy Allison]

Andy Bakun wrote:
> 
> David Lee wrote:
> 
> > So instead of "inherit mode" being a simple boolean, perhaps it could
> > be a multi-valued switch: no/yes/setgid:
> > o  "no" (default) would maintain existing behaviour;
> > o  "yes" would give my simple-to-explain per-share action;
> > o  "setgid" would give Allison/Bakun "only applies to setgid".

I really like this also. I don't like the parameter name (how about
"inherit security" instead ?) but other than that this seems to be
the best option.

> Although, how force mode interacts with inherit mode is another story.  I think
> technically Jeremy is correct in saying that force mode overrides inherit mode (after
> all, that's what "force" means), but in practice, I think that using force mode and
> "inherit mode = yes" should be undefined (or, one or the other should be ignored and
> generate a warning in the log), and that "inherit mode = setgid" overrides the value
> given to force mode.  This makes force mode work on files not within setgid
> directories -- which I think is the most flexible behavior.

Ok - I'm beoming convinced that setting "inherit security" should
override force mode if not set to "no". This is starting to make
more sense.

> Overall, I think inherit mode is close to The Right Thing(tm).  I know there has been
> some debate in the past about having Samba implement it's own permissions structure,
> and I think inherit mode allows samba to operate much more smoothly with UNIX
> semantics than was possible before.

Yes, it is definately a win.

I'm out doing talks until Sept 12th or so, and will start
on coding this up for the next release (or maybe target
2.2.x) once I return.

The discussions on this are *really* helpful !

Cheers,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------