[nfsv4] Windows/NFSv4 ACL interoperability
Roche_Francois at emc.com
Roche_Francois at emc.com
Tue Mar 14 08:42:07 GMT 2006
Windows servers are walking ACL once, in the same order than the aces are
stored. However most client applications will expect that the aces are
sorted in the following order:
1) Explicit denied aces
2) Explicit allow aces
3) Inherited denied aces
4) Inherited allow aces
If the server doesn't return aces in that order then some applications will
get into trouble. For instance with explorer on windows NT I remember you
will then have a popup windows saying that there is something wrong so you
need to discard all aces or it will reorder them automatically. This is only
one example among others.
In general windows clients are not very tolerant with such things unlike
server side which is.
-----Original Message-----
From: Volker Lendecke [mailto:vlendec at SerNet.DE] On Behalf Of Volker
Lendecke
Sent: mardi 14 mars 2006 08:51
To: J. Bruce Fields
Cc: Yoder, Alan; Gardere, Daniel; samba-technical at lists.samba.org;
nfsv4 at ietf.org; Roche, Francois
Subject: Re: [nfsv4] Windows/NFSv4 ACL interoperability
On Mon, Mar 13, 2006 at 10:19:22PM -0500, J. Bruce Fields wrote:
> Yeah, that's my understanding too.
The one thing that I'd have to verify by experimentation is
whether is Windows walks the ACL twice: Once only looking
for negative entries and once for the positive ones. Reading
the user-level docs it seems that negative ones are looked
at first, but this might be because all GUIs order them.
Volker
More information about the samba-technical
mailing list