NT ACL / Security descriptor checking function

Luke Kenneth Casson Leighton lkcl at samba.org
Sat Feb 12 18:19:11 GMT 2000


On Sun, 13 Feb 2000, Elrond wrote:

> On Sat, Feb 12, 2000 at 09:22:53PM +1100, Michael Stockman wrote:
> [...]
> > > jeemy has done a perfectly good job of coming up with heuristics to
> > > turn VMS security descriptors into unix file permissions.  from what i
> > > understand, the rules are simple: throw away any bits you can't use.
> > > they're only going to be useful to us (the remaining bits) _anyway_.
> > 
> > Would that be the NT bits that the file system doesn't support?
> > Suppose that the file system has bits NT doesn't support, that aren't
> > ever sent to NT, and that the NT user wouldn't have changed if he had
> > known about them? There could be reason to apply "diffs" to ACLs rather
> > than straight sets.
> 
> Many Unix-filesystems have special bits, that are not
> easily mapped to NT-ACLs. The sticky and setgid/setuid-bits
> come to mind.

they don't map to ACLs, but they do map to security descriptors.  there's
an owner ACL, system ACL, parent SID and group SID.
 
> And the ext2-fs of Linux has some special bits too. "s" for
> example means, that the contents of the file gets zeroed,
> when it is being deleted.
> (Since these are special to that filesystem, you can't
> modify these bits incidentally with chmod.)

yaay.  excellent!  real-world examples!




More information about the samba-technical mailing list