ACL / SD support
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Feb 23 01:37:43 GMT 2000
On Tue, 22 Feb 2000, Cole, Timothy D. wrote:
> > -----Original Message-----
> > From: Luke Kenneth Casson Leighton [SMTP:lkcl at samba.org]
> > Sent: Saturday, February 19, 2000 12:48
> > To: Multiple recipients of list SAMBA-TECHNICAL
> > Subject: RE: ACL / SD support
> > > > 1) you really _should_ be doing such explicit access checks _anyway_.
> > > >
> > > For kernel objects? If the access your check grants is the same as
> > > what the kernel grants, you're wasting your time, and if it's not, then
> > > you've introduced race conditions.
> > for object == file/dir, you're absol. right.
> Yes. by kernel objects, I mean objects that are actually
> encapsulated by the native OS kernel. On most posix systems this will be:
> - devices
> - files
> - directories
> - sockets
> - pipes
all of these _are_ files / dirs.
> For non-kernel objects, you have no choice to do the access checks
> yourself. However, that's not particularly dangerous or wasteful, as in
> those cases it is possible to completely encapsulate such objects yourself.
yep. and from what we've heard, this is exactly what NT does anyway, in
\PIPE\svcctl, \PIPE\samr, \PIPE\lsarpc and others!
More information about the samba-technical