Evaluating Windows Security Descriptors.

Fri Jan 4 18:58:44 GMT 2008

Volker Lendecke wrote:
> On Fri, Jan 04, 2008 at 11:30:29AM -0600, Christopher R. Hertel wrote:
>> What still confuses me, however, is how the information is actually used.
>> Is it simply another path (accessed via the Windows GUI, I assume) between
>> CIFS semantics and the stored POSIX semantics?
>>
>> There's code (I think you or Jeremy aimed me in the right direction) to
>> evaluate the ACEs.  Is that really only used to determine which files are
>> hidden, etc.?
> 
> Not sure here. In the past there used to be a mess where
> some code paths would still look at the posix acls only or
> even just the permission bits. There has been a lot of work
> in this area, so I'm not sure if any places are left.

Thanks again, Volker.  We're trying to dig through the code at this end to
see how it all intertwines.  I'm just looking for travel tips from the
natives, as it were.

I've also been watching Steve's discussions regarding CIFS ACL support in
the CIFS client file system.  Seems there's actually a lot of work going on
in this general area at present.

As you know, my goal here is to figure out how to provide CIFS Security
Descriptor semantics straight through from the wire to the file system on
disk (which supports the Windows meta data) and back again.  Any guidance
you or the list can provide would be most welcome.

Chris -)-----
PS.  The discussion of kernel vs user-land enforcement was noted and taken
     seriously at this end.  There are a lot of file system engineers here,
     including several former Linux-GFS developers, so I'll just watch from
     the sidelines.

-- 
"Implementing CIFS - the Common Internet FileSystem"    ISBN: 013047116X
Samba Team -- http://www.samba.org/    -)-----     Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/  -)-----  ubiqx development, uninq
ubiqx Team -- http://www.ubiqx.org/    -)-----          crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/   -)-----             crh at ubiqx.org