Windows/NFSv4 ACL interoperability

Roche_Francois at Roche_Francois at
Tue Mar 14 16:44:13 GMT 2006

Maybe, but one thing is sure is the API on the client side is checking the
structure. On the other side there is no interpretation of SIDs as long
their structure is correct, the sid could correspond to nothing but the
server accept it.


-----Original Message-----
From: Michael B Allen [mailto:mba2000 at] 
Sent: mardi 14 mars 2006 17:38
To: Roche, Francois
Cc: tridge at; christophk at;
bfields at; Gardere, Daniel; samba-technical at;
nfsv4 at
Subject: Re: Windows/NFSv4 ACL interoperability

On Tue, 14 Mar 2006 06:36:10 -0500
Roche_Francois at wrote:

> I totally agree with Tridge, it is the client which is doing the
> down the tree not the server.
> Windows server is doing it only for file/directory creation.

Because security descriptors are not NDR encoded in various RPCs
I strongly suspect that they are not interpreted at all when simply
getting or setting them. They are just binary blobs. You get out
what you put in.


More information about the samba-technical mailing list