Evaluating Windows Security Descriptors.

AJ Lewis andrew.lewis at quantum.com
Wed Dec 19 19:56:17 GMT 2007


Hey all,

I'm working with Chris on this at Quantum.

On Wed, Dec 19, 2007 at 08:35:52PM +0100, Volker Lendecke wrote:
> On Wed, Dec 19, 2007 at 01:22:13PM -0600, Christopher R. Hertel wrote:
> > The FS does keep track of both Posix and Windows security information.  The
> > preference is to apply Posix semantics in Posix environments (NFS, local
> > users, stuff like that) and Windows semantics in Windows environments.  CIFS
> > counts as a Windows environment.
> 
> Others have been there and failed. This is a broken design
> that your customers will be *very* unhappy with, I've seen
> that myself. Your complete interoperability story falls to
> pieces when you tell them that the semantics depends upon
> what subsystem come from. Look at for example the posix
> subsystem in Win32. You could not access critical system
> resources (i.e. the network...) while being trapped in
> there.

Are there filesystems that do windows security in a Posix environment?
I know that the Posix and Windows security don't map well on each other,
so what is the solution?  Is there a good one?  In this case, we're
thinking that preserving the system's semantics is the lesser of two
evils (the other one being trying to map from one to the other on the
fly) but maybe there's another option that I don't know about.
 
> Probably you might be better off going with OpenSolaris and
> their in-kernel CIFS server.
> 
> Volker
> 
> P.S: I know I'm being cynic, but this distinction is a fully
> and 100% broken idea.

Thanks,
-- 
AJ Lewis
Work/Cell: (612)860-8068


-----------------------------------------------------------
The information contained in this transmission may be 
confidential. Any disclosure, copying, or further 
distribution of confidential information is not permitted 
unless such privilege is explicitly granted in writing by 
Quantum Corporation. Furthermore, Quantum Corporation is not 
responsible for the proper and complete transmission of the 
substance of this communication or for any delay in its 
receipt.
------------------------------------------------------------


More information about the samba-technical mailing list