[nfsv4] Windows/NFSv4 ACL interoperability

tridge at samba.org
Tue Mar 14 08:52:24 GMT 2006


Volker,

 > The one thing that I'd have to verify by experimentation is
 > whether Windows walks the ACL twice: Once only looking
 > for negative entries and once for the positive ones. Reading
 > the user-level docs it seems that negative ones are looked
 > at first, but this might be because all GUIs order them.

I developed the sec_access_check() function in
libcli/security/access_check.c in Samba4 pretty carefully, and
I'm fairly confident it is accurate, in terms of matching what w2k3
does. It walks the ACL just once. Note that it is not the same as any
published docs I have found (in particular the ordering of the special
case tests at the top of the function is different to all docs I have
seen).

The RAW-ACLS test in Samba4 smbtorture is quite a useful test case for
this stuff too.

Cheers, Tridge
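
The difference between the two evaluation strategies discussed in this message, as an added example that is not part of the original post and is not Samba's sec_access_check(): it assumes a simplified ordered-walk model, leaves out the special-case tests mentioned above, and uses hypothetical types, SIDs and mask bits constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified types for illustration; not Samba's structures. */
enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace { enum ace_type type; int sid; uint32_t mask; };
struct token { const int *sids; size_t n; };

static int has_sid(const struct token *t, int sid) {
    for (size_t i = 0; i < t->n; i++)
        if (t->sids[i] == sid) return 1;
    return 0;
}

/* One pass, ACEs taken strictly in stored order. Returns 1 if granted. */
int check_single_pass(const struct ace *acl, size_t n, const struct token *t, uint32_t want) {
    uint32_t remaining = want;
    for (size_t i = 0; i < n && remaining != 0; i++) {
        if (!has_sid(t, acl[i].sid)) continue;
        if (acl[i].type == ACE_ALLOW) remaining &= ~acl[i].mask;
        else if (remaining & acl[i].mask) return 0; /* deny hits a bit not yet granted */
    }
    return remaining == 0;
}

/* Two passes, every deny entry first: the alternative raised in the quoted question. */
int check_deny_first(const struct ace *acl, size_t n, const struct token *t, uint32_t want) {
    uint32_t remaining = want;
    for (size_t i = 0; i < n; i++)
        if (acl[i].type == ACE_DENY && has_sid(t, acl[i].sid) && (want & acl[i].mask)) return 0;
    for (size_t i = 0; i < n; i++)
        if (acl[i].type == ACE_ALLOW && has_sid(t, acl[i].sid)) remaining &= ~acl[i].mask;
    return remaining == 0;
}

/* Constructed sample data: user 1 is also a member of group 2. */
enum { R = 0x1, W = 0x2, SID_USER = 1, SID_GROUP = 2 };
static const int user_sids[] = { SID_USER, SID_GROUP };
const struct token user = { user_sids, 2 };
/* Allow stored before deny (not the order GUIs produce). */
const struct ace allow_then_deny[] = { { ACE_ALLOW, SID_USER, R | W }, { ACE_DENY, SID_GROUP, W } };
/* Same entries, deny stored first. */
const struct ace deny_then_allow[] = { { ACE_DENY, SID_GROUP, W }, { ACE_ALLOW, SID_USER, R | W } };

int main(void) {
    printf("allow,deny W: single=%d deny-first=%d\n",
           check_single_pass(allow_then_deny, 2, &user, W), check_deny_first(allow_then_deny, 2, &user, W));
    printf("deny,allow W: single=%d deny-first=%d\n",
           check_single_pass(deny_then_allow, 2, &user, W), check_deny_first(deny_then_allow, 2, &user, W));
    return 0;
}
```

The two functions agree whenever deny entries are stored first, so only an ACL written in a different order can tell a single ordered walk from a deny-first double walk.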

