Can Any one give me some design documents of samba.

Simo Sorce simo.sorce at polimi.it
Fri Mar 30 07:28:39 GMT 2001 

This is only for linux, but wouldn't it be interesting to change the
kernel acl patch to be VMS/NT ACL instead of POSIX ACL compatible?
this would avoid the need to build complicated matching code in samba, or
not?

On Fri, 30 Mar 2001, Richard Sharpe wrote:

> At 11:29 PM 3/29/01 -0700, Matt Zinkevicius wrote:
> >> At 10:47 AM 3/30/01 +0530, Karthikeyan wrote:
> >> >Hi guys,
> >> >           I am workin in samba,I am trying to provide the ACL support
> >> >for linux ext2 file system.
> >>
> >> Why bother? Samba 2.2.0 will have this support, all you need is to ensure
> >> that your Linux install has ACLs.
> >>
> >> However, if you still want to keep going, then Special Edition, Using
> >Samba
> >> has some stuff on this.
> >
> >Remember that the NT ACL to POSIX ACL mapping in samba 2.2. is _far_ from
> >perfect.
>
> But it is a much better starting point than 2.0.7, as you mention below ...
>
> >         It is as good as it can be (congrats to Jeremy), yet POSIX ACL's
> >simply do not provide for all the security semantics that NT allows for.
> >Actually *nix itself doesn't provide granualar enough access rights, with
> >plain ol' "rwx".
>
> Ummm, I remember ACLs on VMS. The NT ACLs are modelled after VMS, and VMS
> had all sorts of obcure things that are not really needed.
>
> However, customers being what they are, want full compatibility.
>
> >                 My company is building a storage appliance, and have
> >interviewed many administrators that said it is of extreme importance that
> >the full semantics be supported and enforced properly. So I'm being paid to
> >write a patch to samba that does just this :-)
>
> Hopefully you will contribute it back, and we can figure out how to make it
> an option in Samba.
>
> >                                               It's already about 95%
> >correct. Problems still include permission inheritance and some of the more
> >obscure combinations of access rights. The other ugliness is keeping the NT
> >ACL's somewhat in sync with the unix permissions (using either a daemon or
> >file-system wrapper).
>
> OK.
>
> >> Finally, I am avaliable to consult on the structure of Samba :-)
> >>
> >> >and we plan to modify all the places where the samba checks permission
> >> >from the unix inode and
> >> >make samba get the permissions from the ACL list we are storing along
> >> >with the inode of each file.
> >> >As I  have just started to work(browse source code of samba-2.0.7) on
> >> >samba.I find it difficult to
> >> >get the control flow .
> >
> >I would steer clear of using samba 2.0. From a developer's standpoint you'll
> >find it much easier to do you work using samba 2.2's (or HEAD's) VFS layer,
> >easy data marshalling, and built in database (tdb). It's quite stable from
> >our tests as well.
> >
> >--Matt Zinkevicius
>
>
> Regards
> -------
> Richard Sharpe, sharpe at ns.aus.com
> Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
> Contributing author, SAMS Teach Yourself Samba in 24 Hours
> Author, Special Edition, Using Samba
>
>
>
>

-- 
Simo Sorce - Linux Systems Consultant
E-mail: simo.sorce at polimi.it
Tel: +39 0348 7149179 - Fax: +39 02 700442399
-----------------------------------------------------------------
Be happy, use Linux!

More information about the samba-technical mailing list