What evaluates file perms when ACLs are involved?

Jeremy Allison jra at samba.org
Wed Mar 8 03:59:18 GMT 2006


On Wed, Mar 08, 2006 at 02:09:45PM +1100, Tim Potter wrote:
> On Tue, 2006-03-07 at 18:58 -0800, Jeremy Allison wrote:
> > On Tue, Mar 07, 2006 at 09:19:31PM -0500, Michael Lueck wrote:
> > >
> > > With Windows clients accessing these files via Samba in a Samba PDC 
> > > environment, does Samba look to the filesystem / kernel to evaluate the 
> > > ACLs, or is it involved in the process directly?
> > 
> > Samba only evaluates ACLs in userspace when it's trying to
> > decide if a client has the ability to set the "delete on close"
> > bit to remove a file - this has to be done at open time for Windows,
> > thus the userspace check. Even if this passes Samba it's still
> > up to the kernel to decide if that user can delete the file
> > or not - it's done at close time instead.
> 
> Is it possible to map this to a call to access()?  You can only check
> one of readable, writable or executable though.  It might not be enough
> to remove this one userspace check.

Nope. access checks the *real* uid, not the effective one, making
it singularly useless in this case ;-).

Jeremy.
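
The real-versus-effective uid difference described in the reply above, as an added example that is not part of the original thread and is not Samba code: it asks access() and faccessat() with AT_EACCESS the same question about an owner-only file while the process's effective uid differs from its real uid. Assumptions: the names run_demo, access_result and DEMO_UID are hypothetical, uid 65534 is an unprivileged account, and /tmp is writable; the two answers only diverge when the program is started as root, because only then can the effective uid be changed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* faccessat(), AT_EACCESS, mkstemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEMO_UID 65534  /* assumption: an unprivileged uid ("nobody" on many systems) */

struct access_result {
    int switched;          /* 1 if the effective uid was changed for the checks */
    int real_uid_ok;       /* access(): answered for the real uid */
    int effective_uid_ok;  /* faccessat(AT_EACCESS): answered for the effective uid */
};

/* Create an owner-only (0600) file, drop the effective uid if possible,
 * and ask both calls whether the file is writable. Returns 0 on success. */
int run_demo(struct access_result *r)
{
    char path[] = "/tmp/access-demo-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    fchmod(fd, 0600);
    close(fd);

    uid_t saved = geteuid();
    /* Only root can change its effective uid; otherwise real == effective. */
    r->switched = (saved == 0 && seteuid(DEMO_UID) == 0);

    r->real_uid_ok = (access(path, W_OK) == 0);
    r->effective_uid_ok = (faccessat(AT_FDCWD, path, W_OK, AT_EACCESS) == 0);

    if (r->switched && seteuid(saved) != 0)
        return -1;
    unlink(path);
    return 0;
}

int main(void)
{
    struct access_result r;
    if (run_demo(&r) != 0) { perror("run_demo"); return 1; }
    printf("euid switched: %d  access(): %d  faccessat(AT_EACCESS): %d\n",
           r.switched, r.real_uid_ok, r.effective_uid_ok);
    return 0;
}
```

Started as root, access() reports the file writable (the real uid still owns it) while the AT_EACCESS check reports it is not; either answer is advisory only, since the kernel decides again when the file is actually opened or removed.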

