[nfsv4] Windows/NFSv4 ACL interoperability

tridge at samba.org tridge at samba.org
Tue Mar 14 08:52:24 GMT 2006


 > The one thing that I'd have to verify by experimentation is
 > whether is Windows walks the ACL twice: Once only looking
 > for negative entries and once for the positive ones. Reading
 > the user-level docs it seems that negative ones are looked
 > at first, but this might be because all GUIs order them.

I developed the sec_access_check() function in
libcli/security/access_check.c code in Samba4 pretty carefully, and
I'm fairly confident it is accurate, in terms of matching what w2k3
does. It walks the ACL just once. Note that it is not the same as any
published docs I have found (in particular the ordering of the special
case tests at the top of the function are different to all docs I have

The RAW-ACLS test in Samba4 smbtorture is quite a useful test case for
this stuff too.

Cheers, Tridge

More information about the samba-technical mailing list