An interface to share-level permissions through the VFS or another shared library ...

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Jun 15 23:53:17 MDT 2012

On Fri, Jun 15, 2012 at 12:24:04PM -0700, Richard Sharpe wrote:
> Hi folks,
> Currently, as far as I can see, the interface to share-level ACLs is
> private within Samba, and they re currently stored in a TDB.
> However, some system integrators who are doing replication, might
> prefer to keep this information in XATTRs so they don't have to
> replicate different types of objects ...
> Of course, this does raise other issues. In particular, co-ordinating
> updates by multiple users and issues of application-consistency with
> respect to replication etc.
> If we were to entertain a VFS-level interface, it would have to go in
> the disk-operations group, I would imagine.
> Any comments/thoughts?

This is what some system integrators use ctdb with its
persistent databases for. If we were to move those share
acls somewhere else, I would prefer the registry. For
automated, script-based configuration, the registry is very
handy. net conf setparm is easier to call than
parsing/printing an smb.conf.

This would then mean that the integrator has to replicate
files and the registry. That's two kinds of objects, not
other tdbs as well.

If you are about to put the share acl into an xattr, please
make that a modular interface, so that we can do other
approaches as well.

With best regards,

Volker Lendecke

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt at

More information about the samba-technical mailing list