POSIX ACL on the wire format.
Jeremy Allison
jra at samba.org
Wed Aug 18 22:30:06 GMT 2004
Ok, here are my first thoughts on an on the wire POSIX ACL
format. All entries are in little-endian format.
[2 bytes] - Number of ACE entries to follow.
[2 bytes] - Number of default ACE entries to follow.
-------------------------------------
^
|
ACE entries
|
v
-------------------------------------
^
|
Default ACE entries
|
v
-------------------------------------
Where an ACE entry will look like :
[1 byte] - Entry type.
Entry types are :
ACL_USER_OBJ 0x01
ACL_USER 0x02
ACL_GROUP_OBJ 0x04
ACL_GROUP 0x08
ACL_MASK 0x10
ACL_OTHER 0x20
[1 byte] - permissions (perm_t)
perm_t types are :
ACL_READ 0x04
ACL_WRITE 0x02
ACL_EXECUTE 0x01
[8 bytes] - uid/gid to apply this permission to.
In the same format as the uid/gid fields in the other
UNIX extensions definitions. Use 0xFFFFFFFFFFFFFFFF for
the MASK and OTHER entry types.
This way we only need 1 extra trans2 value :
SMB_SET_UNIX_POSIX_ACL which can be the same as
SMB_GET_UNIX_POSIX_ACL - used on both get and set
trans2 operations. I propose 0x204 for this info
level.
Thoughts anyone (especially Steve :-) ? How easy
would this be to map the Linux kernel get/set ACL
calls into ?
Jeremy.
More information about the samba-technical
mailing list