Python tests of Access Control Lists and Privileges

[Richard Sharpe]

2012/3/26 Nadezhda Ivanova <nivanova at samba.org>:
> HI Richard,
> This is the approach most often taken when we worked on the DC acls. I would
> also suggest testing with permissions granted to the particular user, to a
> group, and testing conflicting permissions - granted to a group but
> forbidden to another group, with the user part of both for example. I know
> this is not an usual scenario, but we are talking security here :).
> I have not looked at your implementation and am a bit rusty in samba
> development, so forgive me if this is pointless, but I suggest you have a
> log for every access check that dumps the descriptors, it really helps to
> determine why a test has failed.

Thank you for your feedback. I don't yet have an implementation :-)
just some fixes to existing code so that I can implement something
that will fit into the existing framework.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)