ACL / SD support

Cole, Timothy D. timothy_d_cole at
Tue Feb 22 15:06:59 GMT 2000

> -----Original Message-----
> From:	Luke Kenneth Casson Leighton [SMTP:lkcl at]
> Sent:	Saturday, February 19, 2000 12:48
> To:	Multiple recipients of list SAMBA-TECHNICAL
> Subject:	RE: ACL / SD support
> > > 1) you really _should_ be doing such explicit access checks _anyway_.
> > > 
> > 	For kernel objects?  If the access your check grants is the same as
> > what the kernel grants, you're wasting your time, and if it's not, then
> > you've introduced race conditions.
> for object == file/dir, you're absol. right.
	Yes.  by kernel objects, I mean objects that are actually
encapsulated by the native OS kernel.  On most posix systems this will be:

	 - devices
	 - files
	 - directories
	 - sockets
	 - pipes

	For non-kernel objects, you have no choice to do the access checks
yourself.  However, that's not particularly dangerous or wasteful, as in
those cases it is possible to completely encapsulate such objects yourself.

More information about the samba-technical mailing list