[nfsv4] Windows/NFSv4 ACL interoperability
Keith Farrar
farrar at parc.com
Tue Mar 14 08:54:36 GMT 2006
Windows apparently evaluates the ACL entries in the order they appear.
MSDN developer docs state that an application modifying an ACL is
responsible for keeping ACEs in the canonical order (all deny entries
preceding allow entries).
If you don't already have it, SetACL (http://setacl.sourceforge.net/)
is a nifty GPL tool. It might be a useful tool for scripted ACL mangling
(and behavior comparisons between a Samba server and a Windows server).
MSDN "Platform SDK: Authorization" documentation entries describing ACL
ordering requirements:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/order_of_aces_in_a_dacl.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/addaccessdeniedace.asp
MSDN authorization functions index:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/authorization_functions.asp
More information about the samba-technical
mailing list