POSIX ACL on the wire format.

Jeremy Allison jra at samba.org
Wed Aug 18 22:30:06 GMT 2004


Ok, here are my first thoughts on an on the wire POSIX ACL
format. All entries are in little-endian format.

[2 bytes]              -     Number of ACE entries to follow.
[2 bytes]              -     Number of default ACE entries to follow.
-------------------------------------
^
|
ACE entries
|
v
-------------------------------------
^
|
Default ACE entries
|
v
-------------------------------------

Where an ACE entry will look like :

[1 byte]           - Entry type.

Entry types are :

ACL_USER_OBJ            0x01
ACL_USER                0x02
ACL_GROUP_OBJ           0x04
ACL_GROUP               0x08
ACL_MASK                0x10
ACL_OTHER               0x20

[1 byte]          - permissions (perm_t)

perm_t types are :

ACL_READ                0x04
ACL_WRITE               0x02
ACL_EXECUTE             0x01

[8 bytes]         - uid/gid to apply this permission to.

In the same format as the uid/gid fields in the other
UNIX extensions definitions. Use 0xFFFFFFFFFFFFFFFF for
the MASK and OTHER entry types.

This way we only need 1 extra trans2 value :
SMB_SET_UNIX_POSIX_ACL which can be the same as
SMB_GET_UNIX_POSIX_ACL - used on both get and set
trans2 operations. I propose 0x204 for this info
level.

Thoughts anyone (especially Steve :-) ? How easy
would this be to map the Linux kernel get/set ACL 
calls into ?

Jeremy.


More information about the samba-technical mailing list