svn commit: samba r24465 - in
branches/SAMBA_3_2_0/source/libsmb: .
Derrell Lipman
derrell.lipman at unwireduniverse.com
Wed Aug 15 19:59:26 GMT 2007
On 8/15/07, simo <idra at samba.org> wrote:
>
> On Wed, 2007-08-15 at 17:40 +0000, derrell at samba.org wrote:
> > Author: derrell
> > Date: 2007-08-15 17:40:09 +0000 (Wed, 15 Aug 2007)
> > New Revision: 24465
> >
> > WebSVN:
> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24465
> >
> > Log:
> > - Sort ACEs according to http://support.microsoft.com/kb/269175 so that
> > Windows Explorer doesn't complain about the order (and so that they
> get
> > interpreted properly).
>
> Is this done always by default ?
> Windows ACLs are order dependent, there are cases where reordering an
> ALLOW after a DENY is simply wrong (and will deny access where you wante
> to allow it or vice-versa) if the user did knew what it was doing
> according to Windows ACL semantics.
>
Yes, this is always done. The code this replaces already sorted DENY before
ALLOW and commented that such was required. The documentation I found today
also says it's supposed to be like that. Additionally, inherited ACEs are
supposed to come after non-inherited ones according to the docs.
There's no mechanism in libsmbclient for stating that "I know what I'm doing
so don't sort these for me" but since most users won't know what the sort
order is supposed to be, we're better off sorting according to the docs.
Remember that this is emulating the xsetattr() interface. It's not a native
interface to the SMB protocol.
Cheers,
Derrell
More information about the samba-technical
mailing list