Dynamic groups (was Samba and groups > 16)
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Mar 8 13:52:47 GMT 2005
On Tue, Mar 08, 2005 at 02:03:34PM +0100, Edgar, Bob wrote:
> Forgive my naivety but what is wrong with the following:
>
> try to open/create the file/directory
> if EACCESS {
> foreach group in longlist {
> addgroup to groups list
> try to open/create the file/directory
> if success break
> }
> if failure return EACCESS
> }
Exactly this does not work. See my example in the posting you replied to. The
kernel can *deny* your access based on a group membership. So you have to
replicate the kernel functionality for access controls completely in user
space. For each and every access that is access control sensitive.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050308/f5a9931b/attachment.bin
More information about the samba-technical
mailing list