Georgina Russell georgy at CSUA.Berkeley.EDU
Tue Jan 22 12:21:03 GMT 2002

I have some another question ...

It seems that in the translation to Unix mode from NT perms, if any of
set in the NT perms, the mode is set to S_IRUSR.   Is that correct?

In the translation from Unix mode to NT perms, S_IRUSR becomes
UNIX_ACCESS_R, which is defined as FILE_GENERIC_READ , which is further
defined to be

It seems like this translation back and forth results in increased
permissions for the NT user in some cases.  (e.g. user only has
FILE_READ_EA, becomes S_IRUSR, and then gets read access to attributes,
data, etc.)  I am misunderstanding something?

Thanks for your help.

On Mon, 21 Jan 2002, Gerald Carter wrote:

> On Fri, 18 Jan 2002, Georgina Russell wrote:
> >
> > I've been reading through the source and I don't see the
> > NO_PROPOGATE_INHERIT_ACE flag being checked when unpacking security
> > descriptors. However, I do see a #define for it.  Do you plan to support
> > this in the future?  What is the reason for leaving this out?
> I'll leave this one to Jeremy....
> > Also, I'm having a hard time figuring out how SACL's are supported.
> > It doesn't seem like they are stored on disk.  Is this correct?
> Yes.  That it correct.  We map the DACL to a POSIX ACL.
> IMO The correct solution would be to modify Samba's VFS to
> pass the security descriptor to the file system and let it
> through it away (assuming it doesn't care about it).
> chau, jerry
>  ---------------------------------------------------------------------
>  Hewlett-Packard                           
>  SAMBA Team                             
>  --                                  
>  "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
>  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

More information about the samba-technical mailing list