get_nt_acl()
Simo Sorce
idra at samba.org
Wed Sep 30 03:11:14 MDT 2009
On Tue, 2009-09-29 at 12:40 -0700, Jeremy Allison wrote:
> On Tue, Sep 29, 2009 at 02:58:42AM -0400, Novgorodsky, Sergey wrote:
> >
> > Hi -
> >
> > I have my VFS module, it doesn't support ACLs -
> > I set errno=ENOTSUP and return NULL/-1 in all POSIX ACL operations.
> > I do the same in NT ACL functions (get_nt_acl, fget_nt_acl, fset_net_acl) - set ENOTSUP and return
> > map_nt_error_from_unix(errno), but that seems to cause problems on Win 2003 server, some
> > applications receive NT_ACCESS_DENIED error when trying to delete or create file on my Samba share.
> > I can see in log.smbd that it happens after get_nt_acl() call in my module.
> >
> > Is it correct to return ENOTSUP from get_nt_acl() in my module? Should I somehow disable ACL support to
> > avoid these problems?
>
> In 3.4.x you can't just return ENOTSUP from get_nt_acl() - just
> return an acl containing "Everyone:Full Access" and you should
> be fine.
Jeremy,
wouldn't it be better if we faked Everyone:Full Access when we get back
ENOTSUP instead ?
That way we can control exactly what permissions we want to grant if
ACLs are not supported without having to change all modules in case we
want to change it.
Simo.
More information about the samba-technical
mailing list