svn commit: samba r24465 - in branches/SAMBA_3_2_0/source/libsmb: .

Zack Kirsch zack.kirsch at isilon.com
Wed Aug 15 22:49:20 GMT 2007


I have to disagree here.  Coming from a file system that has builtin
NTFS ACL support, we have the same problem of whether or not to
sort/canonicalize the ACL.  There is no clear "right" solution, as both
sorting and not sorting have advantages and disadvantages.

Obviously, sorting the ACL makes viewing them easier on Explorer.
However, sorting the ACL has some disadvantages; Samba will not be
relaying the exact permissions to Windows (i.e. lying) when a Posix ACL
or Posix mode is on the file.  An even bigger problem with sorting the
ACL is if a user modifies the ACL (i.e. adds an ACE) and then the sorted
ACL becomes the real ACL.  Finally, it is possible that a Windows client
has explicity set a non-canonicalized (non-sorted) ACL itself --
shouldn't Samba be able respect this, even if Explorer complains?

I think it would be best to make this configurable and not hidden deep
inside the code, as Volker suggested.  We've even had a customer ask for
this to be configurable.

Zack

> -----Original Message-----
> From: samba-technical-bounces+zkirsch=isilon.com at lists.samba.org
> [mailto:samba-technical-bounces+zkirsch=isilon.com at lists.samba.org] On
> Behalf Of Gerald (Jerry) Carter
> Sent: Wednesday, August 15, 2007 2:19 PM
> To: Derrell Lipman
> Cc: Volker.Lendecke at sernet.de; samba-technical at lists.samba.org
> Subject: Re: svn commit: samba r24465 - in
> branches/SAMBA_3_2_0/source/libsmb: .
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Derrell Lipman wrote:
> 
> > I don't consider it acceptable to break backward
> > compatibility, so I don't want to remove the sorting.
> > I will, however, look into whether there can be
> > some option for specifying that no sorting should
> > occur so that people who really know what they're doing
> > have the option of specifying such and getting around
> > the automatic sorting.
> 
> If I understand the discussion, requiring the user to
> sort ACLs is overengineering.  The interface should be
> simple to use.  I'd close the bug and call it a day.
> 
> 
> 
> 
> cheers, jerry
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGw23FIR7qMdg1EfYRAvfvAJ9wtwhf8w0DJ4BeMOkAMDmkOJnkbQCgi85l
> lFXSnS/UPB49PTAoCZxlu6I=
> =b/Xr
> -----END PGP SIGNATURE-----


More information about the samba-technical mailing list