[PATCH] Patches required for POSIX ACL support of GPOs

steve steve at steve-ss.com
Fri May 11 04:16:20 MDT 2012


On 05/11/2012 10:03 AM, Andrew Bartlett wrote:
> On Fri, 2012-05-11 at 00:58 -0700, Jeremy Allison wrote:
>> On Thu, May 10, 2012 at 08:37:38PM +1000, Andrew Bartlett wrote:
>>
>>> For the normal case, when we start having IDMAP_BOTH in general, we need
>>> to be very careful - any change to the POSIX ->  NT mapping will disrupt
>>> the hash we store in the NT ACL, as it is the hash of the NT mapping of
>>> the POSIX ACL, not the hash of the POSIX ACL!  This will mean that the
>>> NT ACL will be ignored (as it will appear that the POSIX ACL has
>>> changed).  I think this was a very poor design choice, but we can't undo
>>> that now.
>> Remember that the only thing we can guarantee to get back
>> from the lower layer is a NT mapping from the underlying
>> system. The underlying system may not be a POSIX ACL at
>> all, it may be a GPFS ACL, or a ZFS ACL or any number of
>> other types of object. So how could we hard-code a hash of
>> the POSIX ACL here ?
> Easy: ask for a hash of the ACL as a distinct VFS operation.  Then the
> type of ACL doesn't matter, just the returned value.
>
>> Hashing the NT mapping was the only possible choice.
> I strongly disagree.
>
> Andrew Bartlett
>
Hi everyone

If I set e.g. a group rw ACL on the underlying file system on Linux, it 
is not understood by s3fs on Windows. Files created in the share under 
Linux appear rw-rw. Files created in the same share under Windows appear 
rwxrwx-x but can only be edited by the owner of the file.

Guys, this is just not working.

Cheers,
Steve
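
A simplified model of the hash dispute in the quoted exchange above, added here as an example; it is not part of the original message and is not Samba code. The ACL entries, SIDs, id maps and function names are all constructed for illustration, and SHA-256 stands in for whatever hash is actually stored.

```python
import hashlib

# Constructed sample data (not from the thread): a POSIX ACL as
# (tag, unix id, perms) entries and two id-to-SID maps before/after a change.
POSIX_ACL = [("user", 1000, "rw-"), ("group", 2000, "rw-"), ("other", None, "---")]
IDMAP_OLD = {("user", 1000): "S-1-5-21-111-222-333-1104",
             ("group", 2000): "S-1-5-21-111-222-333-1105"}
IDMAP_NEW = {("user", 1000): "S-1-5-21-111-222-333-1104",
             ("group", 2000): "S-1-5-21-111-222-333-2105"}  # mapping changed

def nt_mapping(posix_acl, idmap):
    """Translate each POSIX entry to (SID, perms); unmapped entries become Everyone."""
    return [(idmap.get((tag, uid), "S-1-1-0"), perms) for tag, uid, perms in posix_acl]

def digest(obj):
    # SHA-256 over a stable text form; a stand-in for whatever hash is stored.
    return hashlib.sha256(repr(obj).encode()).hexdigest()

def hash_of_nt_mapping(posix_acl, idmap):
    """Scheme described in the thread: hash the NT mapping of the POSIX ACL."""
    return digest(nt_mapping(posix_acl, idmap))

def hash_of_backend_acl(posix_acl, idmap):
    """Alternative proposed in the thread: the backend hashes its own ACL."""
    return digest(posix_acl)  # idmap deliberately unused

def nt_acl_trusted(hash_fn, acl_then, idmap_then, acl_now, idmap_now):
    """True if the hash stored with the NT ACL still matches the current state."""
    return hash_fn(acl_then, idmap_then) == hash_fn(acl_now, idmap_now)

if __name__ == "__main__":
    for fn in (hash_of_nt_mapping, hash_of_backend_acl):
        ok = nt_acl_trusted(fn, POSIX_ACL, IDMAP_OLD, POSIX_ACL, IDMAP_NEW)
        print(f"{fn.__name__}: NT ACL trusted after idmap change = {ok}")
```

With the POSIX ACL untouched and only the id map changed, the first scheme reports a mismatch, so the stored NT ACL would be ignored, while the second still matches.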


