svn commit: samba r24465 - in
branches/SAMBA_3_2_0/source/libsmb: .
simo
idra at samba.org
Thu Aug 16 00:26:56 GMT 2007
On Wed, 2007-08-15 at 15:59 -0400, Derrell Lipman wrote:
> On 8/15/07, simo <idra at samba.org> wrote:
> On Wed, 2007-08-15 at 17:40 +0000, derrell at samba.org wrote:
> > Author: derrell
> > Date: 2007-08-15 17:40:09 +0000 (Wed, 15 Aug 2007)
> > New Revision: 24465
> >
> > WebSVN:
> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24465
> >
> > Log:
> > - Sort ACEs according to
> http://support.microsoft.com/kb/269175 so that
> > Windows Explorer doesn't complain about the order (and so
> that they get
> > interpreted properly).
>
> Is this done always by default ?
> Windows ACLs are order dependent, there are cases where
> reordering an
> ALLOW after a DENY is simply wrong (and will deny access where
> you wante
> to allow it or vice-versa) if the user did knew what it was
> doing
> according to Windows ACL semantics.
>
> Yes, this is always done. The code this replaces already sorted DENY
> before ALLOW and commented that such was required. The documentation
> I found today also says it's supposed to be like that. Additionally,
> inherited ACEs are supposed to come after non-inherited ones according
> to the docs.
Ok, looks reasonable.
> There's no mechanism in libsmbclient for stating that "I know what I'm
> doing so don't sort these for me" but since most users won't know what
> the sort order is supposed to be, we're better off sorting according
> to the docs. Remember that this is emulating the xsetattr()
> interface. It's not a native interface to the SMB protocol.
Right, I was just worrying we were changing something, I agree with you
and Jerry about not letting user shoot themselves by default.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list