ACL database

Jeremy Allison jeremy at
Mon Mar 26 16:27:05 GMT 2001

"Mayers, Philip J" wrote:

> This case (and dual/triple/quad SMB/{NFS,FTP,HTTP} appliances) are more
> complex, as you have to fit the Posix permissions into the equation - I
> can't see any easy way to map what you get back from a
> SetNamedObjectSecurity into "right, these three are the owner/group/other
> perms, the rest are emulated ACLs"

No you couldn't - you'd have to provide only the "external" (emulated) ACLs
back, then use the internal POSIX mapping code to map them into something
approximating what NT wanted (this latter stage is what I currently am still
tweaking in the 2.2 alphas).

> All (internal) or nothing (external) would be "nicer". Huh, the more I think
> about it, the nastier it gets. I'm starting to agree with you... Are you
> ever wrong? :o)

No, Andrew is never wrong. Occasionally I get lucky and find
bugs in his code.... :-) :-).


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list