[PATCH] Dynamic share permission change detection.
boyang at samba.org
Mon Nov 30 06:14:45 MST 2009
Volker Lendecke wrote:
> On Mon, Nov 30, 2009 at 08:54:42PM +0800, boyang wrote:
>>> Quick comment: We can't do a become_root() on every open.
>>> This is too expensive. We need to attach something like a
>>> security descriptor to the connection_struct to do the
>>> se_access_check in the open call.
>> The problem here is that security descriptor alone cannot decide whether
>> the user has right to access or not..
>> lp_valid_users() and lp_xxx_users() affects access control.
>> User shares have no such list, so I think a security descriptor can work
>> for user shares. But for normal shares, we can not ignore lp_xx_users()
>> lists, unless we don't want it work. :-)
>> Should we ignore normal share's lp_xx_users() list at present?
> No, we can't ignore those. It should be possible to use the
> "valid users", "read list" and the other access control
> parameters to create a security descriptor. SDs are
> expressive enough to cover all these cases.
> We definitely need to minimize the work in
> open_file_ntcreate to the absolute minimum, otherwise our
> performance will just go down the tube. It might be
> difficult to code up the secdesc from a general share
> definition, but there is no other way.
I see. We need map functions to map those parameters to security
Bo Yang, Software Engineer, Suse Labs
Samba Team boyang at samba.org http://www.samba.org/
SUSE Linux boyang at suse.de http://www.novell.com/
More information about the samba-technical