ACL check in elog_check_access?

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jun 18 13:34:05 GMT 2008

Hi, Jerry!

While looking at ACLs again I came across
elog_check_access() as the only caller of
get_nt_acl_no_snum(). If I get it right (I'm not sure about
that...) then this code does a user-space access check (look
at elog_open) after having opened a tdb file with
become_root(). Question: Why? Wouldn't it be possible to
just open as the authenticated pipe user and rely on the
kernel to do the access checks?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list