[nfsv4] Windows/NFSv4 ACL interoperability

Keith Farrar farrar at parc.com
Tue Mar 14 08:54:36 GMT 2006


Windows apparently evaluates the ACL entries in the order they appear.
MSDN developer docs state that an application modifying an ACL is
responsible for keeping ACEs in the canonical order (all deny entries
preceding allow entries).

If you don't already have it, SetACL (http://setacl.sourceforge.net/)
is a nifty GPL tool. It might be a useful tool for scripted ACL mangling
(and behavior comparisons between a Samba server and a Windows server).


MSDN "Platform SDK: Authorization" documentation entries describing ACL
ordering requirements:
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/order_of_aces_in_a_dacl.asp
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/addaccessdeniedace.asp

MSDN authorization functions index:
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/authorization_functions.asp



More information about the samba-technical mailing list