Python tests of Access Control Lists and Privileges
realrichardsharpe at gmail.com
Mon Mar 26 09:18:54 MDT 2012
2012/3/26 Nadezhda Ivanova <nivanova at samba.org>:
> HI Richard,
> This is the approach most often taken when we worked on the DC acls. I would
> also suggest testing with permissions granted to the particular user, to a
> group, and testing conflicting permissions - granted to a group but
> forbidden to another group, with the user part of both for example. I know
> this is not an usual scenario, but we are talking security here :).
> I have not looked at your implementation and am a bit rusty in samba
> development, so forgive me if this is pointless, but I suggest you have a
> log for every access check that dumps the descriptors, it really helps to
> determine why a test has failed.
Thank you for your feedback. I don't yet have an implementation :-)
just some fixes to existing code so that I can implement something
that will fit into the existing framework.
More information about the samba-technical