Volker.Lendecke at SerNet.DE
Wed Nov 22 14:20:52 GMT 2006
On Wed, Nov 22, 2006 at 09:11:07AM -0500, simo wrote:
> uhmm a set of deny aces first (invalid users) and then a set of allow
> aces (valid users), is what comes to mind.
Sure, that's one approach. But then you also have "hosts
allow". How do you represent that as a security descriptor?
> I know that some configuration of ACLs where deny entries are after some
> allow one would not match, but nobody do that afaik, and we can probably
> just limit it and document it.
I'd like to see a concrete proposal first :-)
With ACLs there have been *many* attempts to sanitize them,
and so far not many have produced usable results :-)
> I think my main concern is about ACLs right now, we can probably keep
> everything else more or less the same, but I'd like to take the chance
> to cleanup stuff as we go if possible.
Again: Feel free.
I will concentrate on the smb.conf mechanics first, if we
later on dump the 'valid users' in exchange for something
better, this is independent of it I think.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20061122/2e7a16fd/attachment.bin
More information about the samba-technical