Evaluating Windows Security Descriptors.

Christopher R. Hertel crh at ubiqx.mn.org
Wed Dec 19 19:56:52 GMT 2007

Volker Lendecke wrote:
> On Wed, Dec 19, 2007 at 01:22:13PM -0600, Christopher R. Hertel wrote:
>> The FS does keep track of both Posix and Windows security information.  The
>> preference is to apply Posix semantics in Posix environments (NFS, local
>> users, stuff like that) and Windows semantics in Windows environments.  CIFS
>> counts as a Windows environment.
> Others have been there and failed. This is a broken design
> that your customers will be *very* unhappy with, I've seen
> that myself. Your complete interoperability story falls to
> pieces when you tell them that the semantics depends upon
> what subsystem come from. Look at for example the posix
> subsystem in Win32. You could not access critical system
> resources (i.e. the network...) while being trapped in
> there.
> Probably you might be better off going with OpenSolaris and
> their in-kernel CIFS server.
> Volker
> P.S: I know I'm being cynic, but this distinction is a fully
> and 100% broken idea.

A slightly (only slightly) less cynical version of the same response came to
my mind when I first learned that they were doing things this way.  As it
turns out, they've been doing this for a while and (much to my surprise) it
has worked for them.

The complex mapping schemes that try to translate Windows to Posix to
Windows also have major pain points.  I'm not defending the decision here,
it's just empirical--that's what they're doing and have been for a while.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem"    ISBN: 013047116X
Samba Team -- http://www.samba.org/    -)-----     Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/  -)-----  ubiqx development, uninq
ubiqx Team -- http://www.ubiqx.org/    -)-----          crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/   -)-----             crh at ubiqx.org

More information about the samba-technical mailing list