mapping SYNCHRONIZE permission in NTFS ACL for ZFS
Jeremy Allison
jra at samba.org
Tue Jan 11 17:42:43 MST 2011
On Tue, Jan 11, 2011 at 04:32:36PM -0800, Paul B. Henson wrote:
> On Tue, 11 Jan 2011, Jeremy Allison wrote:
>
> > I'd probably recommend just always setting the SYNCHRONIZE_ACCESS bit
> > when returning an ACL from ZFS/NFSv4 within Samba, and just ignoring
> > whether it's set on or not on read.
>
> If I understand your recommendation correctly, that's what my patch does,
> as well as stripping the bit out when writing an ACL back to ZFS as not to
> clutter the ACL with meaningless permissions on the local/NFS access side.
Hmmm. Yes. I was going to recommend leaving it alone on set,
but if it's really being defined as a server-side NO-OP then
there's really no need. Unless there are ported Windows apps
(wine maybe ?) that might want to see it when reading NFSv4
ACLs ? Ah, but then I guess they should just do the mapping
themselves...
I've also looked at the smbtorture4 RAW-ACLs test, and every
ACL we set there always uses SEC_STD_SYNCHRONIZE, so I think
we're ok here.
Can you do me a favour, and log a bug against 3.5.6 on bugzilla.samba.org
so I can add in the patch for 3.6.0 and a future 3.5.x release ?
Jeremy.
More information about the samba-technical
mailing list