Can Any one give me some design documents of samba.

Richard Sharpe sharpe at ns.aus.com
Fri Mar 30 06:50:31 GMT 2001 

At 11:29 PM 3/29/01 -0700, Matt Zinkevicius wrote:
>> At 10:47 AM 3/30/01 +0530, Karthikeyan wrote:
>> >Hi guys,
>> >           I am workin in samba,I am trying to provide the ACL support
>> >for linux ext2 file system.
>>
>> Why bother? Samba 2.2.0 will have this support, all you need is to ensure
>> that your Linux install has ACLs.
>>
>> However, if you still want to keep going, then Special Edition, Using
>Samba
>> has some stuff on this.
>
>Remember that the NT ACL to POSIX ACL mapping in samba 2.2. is _far_ from
>perfect. 

But it is a much better starting point than 2.0.7, as you mention below ...

>         It is as good as it can be (congrats to Jeremy), yet POSIX ACL's
>simply do not provide for all the security semantics that NT allows for.
>Actually *nix itself doesn't provide granualar enough access rights, with
>plain ol' "rwx".

Ummm, I remember ACLs on VMS. The NT ACLs are modelled after VMS, and VMS
had all sorts of obcure things that are not really needed.

However, customers being what they are, want full compatibility.

>                 My company is building a storage appliance, and have
>interviewed many administrators that said it is of extreme importance that
>the full semantics be supported and enforced properly. So I'm being paid to
>write a patch to samba that does just this :-)

Hopefully you will contribute it back, and we can figure out how to make it
an option in Samba.

>                                               It's already about 95%
>correct. Problems still include permission inheritance and some of the more
>obscure combinations of access rights. The other ugliness is keeping the NT
>ACL's somewhat in sync with the unix permissions (using either a daemon or
>file-system wrapper).

OK.

>> Finally, I am avaliable to consult on the structure of Samba :-)
>>
>> >and we plan to modify all the places where the samba checks permission
>> >from the unix inode and
>> >make samba get the permissions from the ACL list we are storing along
>> >with the inode of each file.
>> >As I  have just started to work(browse source code of samba-2.0.7) on
>> >samba.I find it difficult to
>> >get the control flow .
>
>I would steer clear of using samba 2.0. From a developer's standpoint you'll
>find it much easier to do you work using samba 2.2's (or HEAD's) VFS layer,
>easy data marshalling, and built in database (tdb). It's quite stable from
>our tests as well.
>
>--Matt Zinkevicius


Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

More information about the samba-technical mailing list