First Release of the acl package

Christoph Klein christophk at
Thu Jun 23 08:43:23 GMT 2005

On Thu, Jun 23, 2005 at 11:54:50AM +1000, Tim Potter wrote:
> On Wed, 2005-06-22 at 09:20 +0200, Christoph Klein wrote:
> > Hi,
> > This morning i finally got my package released for the firs time. it's
> > avaible under
> >
> > But everything is still alpha code! Theres a readme in the base of the
> > tar, that should describe how to make things running. You should edit
> > the paths in the Makefiles, too, i've forgotten to mention that in the
> > readme.
> > The Userspace tools and the the samba module should work well
> > reasonably. The Kernel module is still buggy, and might not work at all.
> > I used another approach to implement this acl system than the one that
> > is projected wtigh ntacl-lsm. But i think if this works it is at least
> > as good as ntacl-lsm would be. You could also rewrite the vfs module for
> > samba4 or enhance the kernel module to read also SECDESCs from the hard
> > disk.
> > So as you see a lot of ideas. I'm looking forward to your comments.
> Hi Christoph.  I had a quick look through your code and was wondering
> whether there was any more information about this ngacl business?  I had
> a brief poke around with google and the only references to ngacl are to
> the NorduGrid toolkit.
> Is the approach you use to have the canonical ACL format being the NGACL
> format?  You are right in saying Samba will need a VFS module to convert
> NT ACLs to this format otherwise there's no way for a Windows user to
> create them.

This "ngacl-format" is an invention of mine. The basic data structures
to store these acls in the xattrs are 99% the same as the ones used for
the posix acls and the ngacl-libraray is a patched version of the original
acl library. I have only added some more permission bits and flags. It
has nothing to do with NorduGrid (i didnt know that someone was
developing sth with the same name, perhaps i have to change the name
The main things that are still on the agenda is to make the kernel
module work! Perhaps then ( if you are interested) i can incorporate
your code from  ntacl-lsm to read SECDESCs and interpret them, if samba
uses a uid<->rid mapping.
I will keep you informed.


More information about the samba-technical mailing list