Non-UNIX permission models (resent)

Andrew Bartlett abartlet at
Sat Oct 1 00:57:33 GMT 2005

On Thu, 2005-09-29 at 16:25 +0200, Andreas Gruenbacher wrote:
> Hello,

> (It seems that the VFS could provide a CIFS permission model implementation 
> that only uses extended attribute inode operations, so multiple filesystems 
> could use the same implementation rather than having to duplicate the same 
> code, even though logically it would be a filesystem-level feature. This is 
> similar to how the current permission inode operation works.)

This is the key point, I certainly do not want to see a world where
NTACLS are a bolt on to ext3, but not tmpfs, and reiser but not xfs.  It
would cause mayhem in the userbase.  Much easier to manager is 'FS must
support extended attributes', which we seem to be getting thanks to the
SELinux push.

Likewise it would be a nice bonus if the CIFS VFS just passed the NT ACL
right to the target server, even if I currently disagree with the way
the enforcement is done (locally).

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list