Samba4 Posix NTVFS questions
geza at kzsdabas.sulinet.hu
Sun Nov 7 23:48:23 GMT 2004
>I'm not saying that a Samba4 server shouldn't implement NT
>ACLs and NT semantics as closely as possible, of course we
>should, that is our purpose. I'm saying that we shouldn't take
>the things that we have to do to support Windows clients and
>add them into the POSIX spec.
>We should present POSIX ACLs to POSIX clients and Windows ACLs
>to Windows clients. It is a matter of administrator policy how
>to map between them - we can give a choice easily (we already
>have an imperfect mapping) - or whether to keep them separate.
>What I am saying is don't add NT semantics to POSIX. If we want
>to exend POSIX we should add the capability to implement such
>things in an extended way (the Linux plug-in facility for example)
>but not tie them to Windows semantics. Remember, Windows semantics
>are not a standard, not written down and change on new server
>The NFSv4 ACLs are *based* on NT ACLs but they are *NOT*
>NT ACLs. They are differnet from the semantics that Windows
>servers implement. Great - now we have two quite similar but
>actually different ACL mechanisms. It's this trap I want to avoid
Yes it is realy a mess now :-\ .
My long term realizable opinion was to design a new Posix standard based
on the NFSv4 ACL model, with ALLOW, DENY, AUDIT and ALARM "access"
types, and the generally meaningful access entries, like:
read, write content (modify)
read, write acls (r/w attributes)
read, write extended attributes (r/w extended attributes)
read, write inode (delete)
I wouldn't ever think to consider what M$ does :-( to be a followable
path for Posix standards.
More information about the samba-technical