Can Any one give me some design documents of samba.

Matt Zinkevicius mattzink at qwest.net
Fri Mar 30 06:29:02 GMT 2001


> At 10:47 AM 3/30/01 +0530, Karthikeyan wrote:
> >Hi guys,
> >           I am workin in samba,I am trying to provide the ACL support
> >for linux ext2 file system.
>
> Why bother? Samba 2.2.0 will have this support, all you need is to ensure
> that your Linux install has ACLs.
>
> However, if you still want to keep going, then Special Edition, Using
Samba
> has some stuff on this.

Remember that the NT ACL to POSIX ACL mapping in samba 2.2. is _far_ from
perfect. It is as good as it can be (congrats to Jeremy), yet POSIX ACL's
simply do not provide for all the security semantics that NT allows for.
Actually *nix itself doesn't provide granualar enough access rights, with
plain ol' "rwx". My company is building a storage appliance, and have
interviewed many administrators that said it is of extreme importance that
the full semantics be supported and enforced properly. So I'm being paid to
write a patch to samba that does just this :-) It's already about 95%
correct. Problems still include permission inheritance and some of the more
obscure combinations of access rights. The other ugliness is keeping the NT
ACL's somewhat in sync with the unix permissions (using either a daemon or
file-system wrapper).

> Finally, I am avaliable to consult on the structure of Samba :-)
>
> >and we plan to modify all the places where the samba checks permission
> >from the unix inode and
> >make samba get the permissions from the ACL list we are storing along
> >with the inode of each file.
> >As I  have just started to work(browse source code of samba-2.0.7) on
> >samba.I find it difficult to
> >get the control flow .

I would steer clear of using samba 2.0. From a developer's standpoint you'll
find it much easier to do you work using samba 2.2's (or HEAD's) VFS layer,
easy data marshalling, and built in database (tdb). It's quite stable from
our tests as well.

--Matt Zinkevicius





More information about the samba-technical mailing list