NT ACL / Security descriptor checking function

David Collier-Brown davecb at canada.sun.com
Fri Feb 11 14:00:28 GMT 2000

Luke Kenneth Casson Leighton wrote:
> this was discussed four to five months ago, my recommendation was to do it
> the other way round: map immediately out as soon as possible to NT
> security descriptors, and maintain for as long as possible NT SDs before
> converting to, say... POSIX or Unix ACLs or file permissions.
> reason: you don't want to impose a restriction, in the file-system
> example, of mapping to POSIX-based ACLs, only to find later that the
> underlying filesystem actually supports a much richer ACL implementation
> than the [limited] POSIX one, or even fully supports NT security
> descriptors, such as the linux NTFS drivers.

	I mildly agree: I speculate you have two modules,
	one which just looks up the ACLs in an underlying
	filesystem that supports them all, or supports
	a superset. This may well be a stub unless you happen
	to have linux NTFS handy...

	The other is the mapping to subsets, which is what we
	do now. 

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
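
Added example, not part of the original messages and not Samba code: a C sketch of the two modules discussed above, one checking access against the full NT-style ACL and one mapping it to the Unix mode-bit subset, showing what the early mapping throws away. The function names, the integer stand-ins for SIDs and the sample DACL are assumptions constructed for illustration; the ACE type and access-mask values are the NT ones.

```c
#include <stddef.h>
#include <stdio.h>
/* NT ACE types and file access-mask bits; WHO_* integers stand in for SIDs (assumption). */
enum { ACE_ALLOWED = 0, ACE_DENIED = 1 };
enum { FILE_READ_DATA = 0x01, FILE_WRITE_DATA = 0x02, FILE_EXECUTE = 0x20 };
enum { WHO_OWNER = 1, WHO_GROUP = 2, WHO_EVERYONE = 3, WHO_ALICE = 100 };
struct ace { int type; int who; unsigned mask; };

/* Constructed sample DACL: deny alice read, allow owner rw, allow everyone r. */
static const struct ace sample_acl[] = {
    { ACE_DENIED,  WHO_ALICE,    FILE_READ_DATA },
    { ACE_ALLOWED, WHO_OWNER,    FILE_READ_DATA | FILE_WRITE_DATA },
    { ACE_ALLOWED, WHO_EVERYONE, FILE_READ_DATA },
};

/* Module 1: check against the full descriptor, walking ACEs in order. */
int sd_allows(const struct ace *acl, size_t n, int who, unsigned want)
{
    for (size_t i = 0; i < n && want; i++) {
        if (acl[i].who != who && acl[i].who != WHO_EVERYONE) continue;
        if (acl[i].type == ACE_DENIED && (acl[i].mask & want)) return 0;
        if (acl[i].type == ACE_ALLOWED) want &= ~acl[i].mask;
    }
    return want == 0;
}

/* Module 2: map to the Unix-mode subset; *dropped counts ACEs that do not fit. */
unsigned acl_to_mode(const struct ace *acl, size_t n, size_t *dropped)
{
    unsigned mode = 0;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        int shift = acl[i].who == WHO_OWNER ? 6 : acl[i].who == WHO_GROUP ? 3
                  : acl[i].who == WHO_EVERYONE ? 0 : -1;
        if (acl[i].type != ACE_ALLOWED || shift < 0) { (*dropped)++; continue; }
        unsigned rwx = (acl[i].mask & FILE_READ_DATA ? 4u : 0u) |
            (acl[i].mask & FILE_WRITE_DATA ? 2u : 0u) | (acl[i].mask & FILE_EXECUTE ? 1u : 0u);
        mode |= rwx << shift;
    }
    return mode;
}

int main(void)
{
    size_t dropped;
    unsigned mode = acl_to_mode(sample_acl, 3, &dropped);
    printf("full SD lets alice read: %d\n", sd_allows(sample_acl, 3, WHO_ALICE, FILE_READ_DATA));
    printf("mode %03o, %zu ACE dropped, 'other' read bit: %u\n", mode, dropped, mode & 4);
    return 0;
}
```

With the full descriptor alice is denied read; after the mapping the deny ACE is gone and she falls under the "other" read bit, which is the restriction the quoted message warns against imposing early.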
