Supporting SACLs using EAs and a VFS module?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Mar 15 12:45:53 GMT 2006
On Wed, Mar 15, 2006 at 02:32:13PM +1100, tridge at samba.org wrote:
> I broke it up a little in Samba4, so that the NT ACL goes in a
> separate security.NTACL xattr, the EAs go in user.DosEAs and the file
> attributes go in user.DosAttrib.
With "NT ACL" you mean the complete one, including owner
info and the SACL?
> So for the SACL data, that would logically be added to security.NTACL,
> by extending the IDL and adding a new version (see the IDL switch in
> my last email).
Hmmm. Is that necessary? If we put in the complete secdesc
it contains both. It would also provide a nice
infrastructure for Samba3 to do full NT (d)acls eventually.
> As you suggested, I put all the file attribute data (timestamps etc)
> in user.DosAttrib as they tend to be all used at once. Clients ask for
> a qfileinfo call, and that needs all (or nearly all) of the
> attributes, so grouping them makes sense.
>
> For the example like a create time stamp that isn't needed, there is a
> flags field, and we can define a flag that says "this field is not
> used". That should make it easy to enable/disable features without
> breaking existing EAs in filesystems.
Ok. Looks good.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060315/19935b6e/attachment.bin
More information about the samba-technical
mailing list