What evaluates file perms when ACL's are involved?

Tim Potter tpot at samba.org
Wed Mar 8 03:09:45 GMT 2006

On Tue, 2006-03-07 at 18:58 -0800, Jeremy Allison wrote:
> On Tue, Mar 07, 2006 at 09:19:31PM -0500, Michael Lueck wrote:
> >
> > With Windows clients accessing these files via Samba in a Samba PDC 
> > environment, does Samba look to the filesystem / kernel to evaluate the 
> > ACL's, or is it involved in the process directly?
> Samba only evaluates acls in userspace when it's trying to
> decide if a client has the ability to set the "delete on close"
> bit to remove a file - this has to be done at open time for Windows,
> thus the userspace check. Even if this passes Samba it's still
> up to the kernel to decide if that user can delete the file
> or not - it's done at close time instead.

Is it possible to map this to a call to access()?  You can only check
one of readable, writable or executable though.  It might not be enough
to remove this one userspace check.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060308/ddb17e20/attachment.bin

More information about the samba-technical mailing list