ACL / SD support
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Fri Feb 18 23:09:29 GMT 2000
> -----Original Message-----
> From: Luke Kenneth Casson Leighton [SMTP:lkcl at samba.org]
> Sent: Friday, February 18, 2000 15:26
> To: Multiple recipients of list SAMBA-TECHNICAL
> Subject: RE: ACL / SD support
>
> > Then we have to embed explicit access checks throughout Samba, which
> > will destroy performance.
>
> no it won't.
>
Indeed. I just wasn't thinking right earlier.
> 1) you really _should_ be doing such explicit access checks _anyway_.
>
For kernel objects? If the access your check grants is the same as
what the kernel grants, you're wasting your time, and if it's not, then
you've introduced race conditions.
> 2) such checks are only made on file-open and file-create. microsoft
> already has exactly this problem in NT, therefore they have designed
> (read, munged) SMB to mitigate exactly this problem.
>
Shoot, that's right. A file handle represents a capability, as in a
capability-based system.
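The two points in the message above (a separate user-space check races with the kernel's own check, and an open file handle acts as a capability), as an added example that is not part of the original message or of Samba's code. The policy, function names and temporary paths are hypothetical and constructed for illustration: the extra check is run on the opened handle with fstat(), so it always describes the object the handle refers to, even if the path is re-pointed afterwards.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical policy, stricter than the kernel's: regular files only,
 * and never ones that are writable by "other". */
static int policy_allows(const struct stat *st) {
    return S_ISREG(st->st_mode) && !(st->st_mode & S_IWOTH);
}

/* Open first, then check the object behind the handle with fstat().
 * stat(path) followed by open(path) could check one object and open another. */
int open_checked(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !policy_allows(&st)) { close(fd); return -1; }
    return fd; /* from here on the handle is the capability */
}

/* Helper for the constructed scenario: one-byte file with an exact mode. */
static int write_file(const char *path, char byte, mode_t mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int rc = (write(fd, &byte, 1) == 1 && fchmod(fd, mode) == 0) ? 0 : -1;
    close(fd);
    return rc;
}

/* Constructed scenario: the path is re-pointed after the check.
 * Returns the byte read through the checked handle, or -1 on error. */
int read_after_swap(void) {
    char dir[] = "/tmp/sdcheckXXXXXX", a[64], b[64], c = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    if (write_file(a, 'A', 0600) || write_file(b, 'B', 0666)) return -1;
    int fd = open_checked(a);     /* passes the policy */
    int denied = open_checked(b); /* world-writable: refused */
    if (fd < 0 || denied >= 0 || rename(b, a) != 0) return -1;
    ssize_t n = read(fd, &c, 1);  /* path "a" is now the other file */
    close(fd); unlink(a); rmdir(dir);
    return n == 1 ? c : -1;
}
int main(void) { printf("%c\n", read_after_swap()); return 0; }
```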