should get_nt_acl_no_snum really avoid VFS modules?

Jeremy Allison jra at
Fri May 18 00:15:46 GMT 2007

On Thu, May 17, 2007 at 03:17:57PM -0700, James Peach wrote:
> Hi Jeremy,
> I just bumped into the get_nt_acl_no_snum() function, and it seems  
> that this always calls the POSIX ACL implementation.
> Since there's no guarantee that the file it is checking access to is  
> on a POSIX filesystem or that the platform even supports POSIX ACLs,  
> shouldn't this call SMB_VFS_GET_NT_ACL instead of get_nt_acl()?

This is a local api for local people, there's nothing for
you here ! :-).

Seriously it's designed for smbd internal use, knowing it's
accessing a local filesystem.... So I think it's just expecting
a "standard" unix permset to be mapped into an NT ACL. 

It doesn't matter if the path doesn't support POSIX ACLs
as it'll translate mode_t into an NT ACL.

> And shouldn't it use the dirname of the path it is checking for the  
> fake connectpath, rather than '/', since they could be different  
> filesystem types? And even that is a bit wonky, because it probably  
> assumes that the global ACLs module is appropriate for this path,  
> which might not be true.
> If you give me a hint, I'll code up a patch :)

Hmmmm. Is it causing you grief at the moment ?


More information about the samba-technical mailing list