ACL database

[Mayers, Philip J]

The VFS stuff is great.

Myself and a colleague (Hi Alan) were discussing this earlier - does anyone
know what the correct Posix, actual Unix (any variants) and actual NT/2K
semantics are with respect to when file permission checks are applied? If
it's just on open (and stat,unlink + other miscellany), then the security
implications might not be too gnarly (for an single-mode appliance).

This case (and dual/triple/quad SMB/{NFS,FTP,HTTP} appliances) are more
complex, as you have to fit the Posix permissions into the equation - I
can't see any easy way to map what you get back from a
SetNamedObjectSecurity into "right, these three are the owner/group/other
perms, the rest are emulated ACLs"

All (internal) or nothing (external) would be "nicer". Huh, the more I think
about it, the nastier it gets. I'm starting to agree with you... Are you
ever wrong? :o)

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+  

-----Original Message-----
From: Andrew Tridgell [mailto:tridge at samba.org]
Sent: 26 March 2001 14:08
To: p.mayers at ic.ac.uk
Cc: samba-technical at samba.org
Subject: Re: ACL database


> I suggested this a *long* time ago (couple of years, before the VFS layer
> IIRC) and was shot down in flames, for ease-of-use, engineering and
> performance reasons. I'll be very interested to see if this works.

yep, Jeremy and I have been very reluctant to bypass the unix security
system and start doing file permission checks in smbd. We are coming
around to it now however as it looks like it will be the only way to
get full NT filesystem semantics in an appliance like device.

Luckily we can now do this via the new vfs stuff, so it can be tried
without a major rework of the core code.