NT ACL / Security descriptor checking function

Elrond Elrond at Wunder-Nett.org
Sat Feb 12 15:14:34 GMT 2000

On Sat, Feb 12, 2000 at 09:22:53PM +1100, Michael Stockman wrote:
> > jeemy has done a perfectly good job of coming up with heuristics to
> turn
> > VMS security descriptors into a unix file permissions.  from what i
> > understand, the rules are simple: throw away any bits you can't use.
> > they're only going to be useful to us (the remaining bits)
> +_anyway_.
> Would that be the NT bits that the file system doesn't support?
> Suppose that the file system has bits NT doesn't support, that aren't
> ever sent to NT, and that the NT user wouldn't have changed if he had
> know about them? There could be reason to apply "diffs" to ACLs rather
> than straight sets.

Many Unix-filesystems have special bits, that are not
easily mapped to NT-ACLs. The sticky and setgid/setuid-bits
come to mind.

And the ext2-fs of Linux has some special bits too. "s" for
example means, that the contents of the file get's zeroed,
when it is being deleted.
(Since these are special to that filesystem, you can't
modify these bits incidentally with chmod.)

Just some thoughts.


More information about the samba-technical mailing list