Can Any one give me some design documents of samba.

Joe Doran joed at rubberducky.interlude.eu.org
Sat Mar 31 20:59:19 GMT 2001


>The most useful feature about them: The inheritance. The ability to change a
>single ACL and have it propagate down the tree *and* still maintain more
>specific permissions lower down (or not, if you've turned off inheritance)
>would make the Posix ACLs perfect. But maybe too *complex*...

>Regards,
>Phil


I think you are right about being *Complex*, and questionable whether useful. As an NT/Unix Admin I have seen some horror stories. Seems this functionality is used by Admins who could not be bothered to design a properly structured security structure on thier filesystems.  I have seen some filesystems with 10/12 layers of security acls, agggh :-). It seems that Microsoft probably introduced the 'turned off inheritance' to get around incorrectly applied progogation down the tree. Imagine the scenario of 12 layers and applying the top layer acl the whole way down the tree, ah oh, whoops sorry.... :-). Phone rings in support, Hey why cant I access my files? Some body has changed permissions throughout the tree. Reload backups? I dont think so. It then follows that there is a huge and pain staking exercise to reapply security by hand. 

I'd think I'd rather stick with POSIX ACL's, less work :-).

Joe.





More information about the samba-technical mailing list