usershare acl parser?

tridge at tridge at
Sun Dec 11 11:42:18 GMT 2005


 > No, it's not just a subset it's a almost a completely different
 > animal. What would setting : 

WRITE_DAC_ACCESS would mean that the trustee of the ace can change the

FILE_EXECUTE is in the file specific bits, and is 0x20, which means
that on a share it would be known as SEC_DIR_TRAVERSE which would
allow/deny the trustee to traverse the share root (which just happens
to be what unix execute means on a directory).

SEC_STD_SYNCHRONIZE won't be useful on a share root, but the others
definately mean something

 > *possibly* mean in a share context ? That's something that
 > might come out of a generic ACL. Remember, people are going
 > to have to be able to read and type this on a UNIX command line.
 > Hands up anyone who knows the Microsoft text ACL format..... :-).
 > Remember, the syntax is just "[user|group]:[F|R|D]". Complete
 > ACLs are so much overkill for this it's not even funny :-).

well, playing devils advocate, how will you control the inheritance,
which controls what ACL will be used on files created in the root of
the share?

How will you allow/deny changing attributes on the share? (such as
volume name). How will you enable auditing controls? 

You may well be right that a full ACL is more than most people need,
but I don't think its true to say that a broader ACL capability is

Cheers, Tridge

More information about the samba-technical mailing list