Samba4 Posix NTVFS questions

Gémes Géza geza at kzsdabas.sulinet.hu
Sun Nov 7 23:48:23 GMT 2004


>I'm not saying that a Samba4 server shouldn't implement NT
>ACLs and NT semantics as closely as possible, of course we
>should, that is our purpose. I'm saying that we shouldn't take
>the things that we have to do to support Windows clients and
>add them into the POSIX spec. 
>
>We should present POSIX ACLs to POSIX clients and Windows ACLs
>to Windows clients. It is a matter of administrator policy how
>to map between them - we can give a choice easily (we already
>have an imperfect mapping) - or whether to keep them separate.
>
>What I am saying is don't add NT semantics to POSIX. If we want
>to exend POSIX we should add the capability to implement such
>things in an extended way (the Linux plug-in facility for example)
>but not tie them to Windows semantics. Remember, Windows semantics
>are not a standard, not written down and change on new server
>releases.
>
>The NFSv4 ACLs are *based* on NT ACLs but they are *NOT*
>NT ACLs. They are differnet from the semantics that Windows
>servers implement. Great - now we have two quite similar but
>actually different ACL mechanisms. It's this trap I want to avoid
>for POSIX.
>
>Jeremy.
>
>  
>
Yes it is realy a mess now :-\ .

My long term realizable opinion was to design a new Posix standard based 
on the NFSv4 ACL model, with ALLOW, DENY, AUDIT and ALARM "access" 
types, and the generally meaningful access entries, like:
execute
read, write content (modify)
read, write acls (r/w attributes)
read, write extended attributes (r/w extended attributes)
read, write inode (delete)
etc.

I wouldn't ever think to consider what M$ does :-( to be a followable 
path for Posix standards.

Best Regards

Geza


More information about the samba-technical mailing list