What to do when Windows client asks you to set permissions that
you can't?
Ken Cross
kcross at nssolutions.com
Wed Mar 19 21:31:08 GMT 2003
Richard:
By all means, leave them not trusting the file system. ;-)
Seriously, we have a similar situation, where we have almost-Windows
ACLs. It's a continuing problem.
However, we've found it best to do whatever is appropriate to avoid
alarming the user. Typically, this means silently doing the
next-best-thing, whatever that is.
An example is setting Read Attributes, but disabling Read Extended
Attributes. We don't implement them both, so we set them both to
whatever the last request was.
It ain't perfect, but it's an approximation anyhow.
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From:
> samba-technical-bounces+kcross=nssolutions.com at lists.samba.org
>
> [mailto:samba-technical-bounces+kcross=nssolutions.com at lists.s
> amba.org] On Behalf Of Richard Sharpe
> Sent: Wednesday, March 19, 2003 5:00 PM
> To: samba-technical at samba.org
> Subject: What to do when Windows client asks you to set
> permissions that you can't?
>
>
> Hi,
>
> A question I have relating to ACLs is the following:
>
> What should you do (In Samba etc) if you get an ACE in an ACL
> where the
> ACE contains permission bits that you do not implement?
>
> You could:
>
> 1. Deny the request, leaving the user not knowing which
> bits were good and which not.
>
> 2. Ignore the bits you don't process, leaving the user
> in a state of confusion about which bits you support
> and which you don't. That is, leaving them not
> trusting the file system.
>
> Are there any other choices (assuming that implementing all
> the NT bits is
> out of the question).
>
> Regards
> -----
> Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
> sharpe[at]ethereal.com, http://www.richardsharpe.com
>
More information about the samba-technical
mailing list