WANTED: Difficult NT ACLs with their posix mappings

Andrew Bartlett abartlet at samba.org
Wed Aug 22 02:54:04 MDT 2012


On Wed, 2012-08-22 at 08:50 +0200, Volker Lendecke wrote:
> On Wed, Aug 22, 2012 at 08:58:58AM +1000, Andrew Bartlett wrote:
> > I'm adding tests to ensure that complex and difficult NT ACLs are
> > correctly mapped to the correct or at least closest posix equivalent.
> > 
> > This will, for the first time, provide a unit test of our NT -> POSIX
> > ACL mapping layer.  
> > 
> > If you have some particularly tricky ACLs in SDDL format, and the
> > matching POSIX representation, I would like to work with you to extend
> > the new posixacls.py test to assert that we do not break this conversion
> > in future, if we need to change the posix ACL mapping code. 
> > 
> > I'll need the domain SID, the SDDL, the getfacl output and the SID
> > mappings.  If you can reproduce setting this ACL in the plugin_s4_dc
> > environment, this would be ideal.  (Run vfstest under
> > SELFTEST_TESTENV=plugin_s4_dc make testenv.)
> > 
> > We may need to create some extra groups.
> 
> There are more things that require testing: inheritance when
> creating files and directories is tricky. Then we also need
> to test setting just the owner, group or DACL and nothing
> else.

Indeed!  Once I get the framework in place, I'm hoping we can work
together to significantly expand the combinations tested.

I'll have that in the tree soon; it is just dependent on POSIX ACL
provision work due to patch ordering, and I'm waiting for some feedback
on that.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



