ACL / SD support

Cole, Timothy D. timothy_d_cole at
Fri Feb 18 23:09:29 GMT 2000

> -----Original Message-----
> From:	Luke Kenneth Casson Leighton [SMTP:lkcl at]
> Sent:	Friday, February 18, 2000 15:26
> To:	Multiple recipients of list SAMBA-TECHNICAL
> Subject:	RE: ACL / SD support
> > 	Then we have to embed explicit access checks throughout Samba, which
> > will destroy performance. 
> no it won't.  
	Indeed.  I just wasn't thinking right earlier.

> 1) you really _should_ be doing such explicit access checks _anyway_.
	For kernel objects?  If the access your check grants is the same as
what the kernel grants, you're wasting your time, and if it's not, then
you've introduced race conditions.

> 2) such checks are only made on file-open and file-create.  microsoft
> already has exactly this problem in NT, therefore they have designed
> (read, munged) SMB to mitigate exactly this problem.
	Shoot, that's right.  A file handle represents a capability, as in a
capability-based system.

More information about the samba-technical mailing list