Who should be the owner of newly created files when the creator is in the local Administrators group

Jeremy Allison jra at samba.org
Mon Apr 30 14:24:23 MDT 2012


On Mon, Apr 30, 2012 at 01:18:47PM -0700, Richard Sharpe wrote:
> >>
> >> Well, if acl_xattr (or even acl_tdb) is in use, we do not care at all
> >> about POSIX groups.
> >
> > That's not true at all, even when using acl_xattr we still fill in posix
> > ACLs, as that's what's used by the system, and we still let the kernel
> > use posix acls to check access to the file (mostly :).
> 
> Oh my, so you mean that the system I work on works by magic? We have
> no posix ACLs and do not let any such thing get passed to the
> underlying file system (and it is accessed via user space.)
> 
> >> So, from my perspective, modules/vfs_acl_common.c can get it right and
> >> things will be fine.
> >
> > It's more complex than that, afaicr.
> 
> I yield to your superior knowledge of the code I have been working on.
> 
> > Jeremy,
> > care to comment ?

Now now children, no more arguing or you both go to bed
without any milk and cookies :-) :-).

If sid_to_uid() "just works" (tm) for an incoming group-as-owner
and returns a valid uid, then the posix_acl code will not
know any different, and if we're using the xattr store for
the Windows ACL on top, then Windows won't know any different
either.

The magic part is making sid_to_uid() "just work" when
given an owner SID of DOMAIN\Administrators. That's the
part I'm least competent to comment on, as it's in the
realm of Simo and id-mapping. So I won't :-).

Cheers,

	Jeremy.


More information about the samba-technical mailing list