Head count

Marc Jacobsen Marc_Jacobsen at hp.com
Mon Oct 9 18:28:53 GMT 2000


I am not sure how much Jeremy is changing the ACL code for release in Samba
2.2.0, but when I last saw it, here is how it worked:

To start with you can look at samba/source/include/acls.h to get an idea of the
data structures and functions used.

The source files that are relevant are:

samba/source/lib/nt_acl.c - you can look at it if you are curious, it actually
deals with the NT ACL structures and converts back and forth to a generic
superset (hopefully) of all UNIX ACL structures.  You should not need to change
this at all.

samba/source/lib/acl.c - This is where all the magic happens to call the proper
ACL module(s) depending on how each share is configured in the smb.conf.  You
will have to add a line to declare an external function to do any initialization
you want for your module, and then add a call to that function in the
init_acl_structs() function.

samba/source/lib/<module>.c - you will have to write this, it will probably be
easiest if you start with an existing module's source file and modify it, or use
it as a template.  The two I know of are acl_unix.c (for plain UNIX file
permissions) and acl_hpux_posix.c.  Basically you have to define functions to do
4 things:  initialize things (like registering your ACL scheme name so that it
can be used in the smb.conf), check a generic UNIX ACL to see if there are any
incompatibilities that would not allow a direct conversion to the specific
module's ACL type (then correct any incompatibilities or error out), do the
conversion from generic UNIX ACL to the specific module's ACL, and do the
conversion from the modules specific ACL to the generic UNIX ACL type.

There are a lot of comments in the acl.c, acl_unix.c and acl_hpux_posix.c file,
they should be fairly easy to understand if you look at them.

Lastly, you will have to modify the Makefile.in to compile and link in your new

I think that should be about it.

According to the WhatsNew file for Samba 2.2.0alpha0:

> Support for server supported Access Control Lists (ACLs).
> This support will require a specific pluggable backend to
> be written for each filesystem ACL implementation to be
> supported. The stable 2.2.0 release should contain
> support for the following filesystems: 
>     Solaris 2.6+ 
>     HPUX
>     SGI Irix 
>     Linux Kernel 2.2 with German ACL patch 

So apparently somebody is already busy working on support for more platforms. 

Keep in mind that some platforms support more than one ACL type; for example
HPUX 11 support HFS ACLs and Veritas VxFS POSIX ACLs, depending on what file
system you use.

Marc Jacobsen

John M Trostel wrote:
> ---Reply to mail from Gerald Carter about Head count
> > To all who have offered to help in the
> > past week or so,
> >
> > I need to get a head count of who is working on what.
> > This way, when someone asks for a list of possible projects
> > I don't recommend something that is currently being handled
> > already.
> >
> > Thanks.
> >
> I would like to help out integrating the greatest possible functionality
> of NT ACLs into SAMBA.  If anyone would like to point me in the best
> possible direction, I would appreciate it.
> I have downloaded the latest HEAD and SAMBA_2_2 cvs trees and am currently
> working through them to determine wherein lies the primary ACL code areas.
> Are there any informal implementation/development guides which might
> shorten this process?
> ---End reply
> --
> John M. Trostel
> Linux OS Engineer
> Connex
> jtrostel at connex.com

More information about the samba-technical mailing list