Windows/NFSv4 ACL interoperability

tridge at samba.org tridge at samba.org
Tue Mar 14 11:31:43 GMT 2006


Christoph,

 > I think you are missing one distinctive difference in the semantics of
 > nfsv4 and windows acl: inheritance! afaik nfsv4 uses static inheritance
 > (acls are inherited only at file creationt time) and windows uses a
 > semi-dynamic model (acls are inherited at the time they are set).
 > Applications that rely on one behaviour may do strange things!

I am a little skeptical about this. I know that Microsoft docs talk
about this type of dynamic inheritance, but when I went to implement
it in Samba4 I failed to reproduce it in windows->windows testing
(using win2003). What I saw instead was that the windows client would
walk the file tree under the directory and update the ACLs manually
guided by the various inheritance flags.

Try as I might to make windows do true dynamic inheritance, where an
update to a directory acl is immediately visible elements within the
directory without a tree walk I didn't see it.

Some people have said they just don't believe me, but I would
appreciate it if someone who has seen real dynamic inheritance in
action could send me a sniff demonstrating it.

Also note that (from the users point of view) Samba4 does implement
dynamic inheritance, its just that what happens is the client
transparently walks the tree and updates it for us, so I have a
working implementation to backup the above :-)

Cheers, Tridge


More information about the samba-technical mailing list