acl_xattr storage format (Re: Moving forward towards releasing Samba 4.0)

Stefan (metze) Metzmacher metze at
Mon May 21 01:27:01 MDT 2012

Am 21.05.2012 09:23, schrieb Andrew Bartlett:
> On Mon, 2012-05-21 at 09:00 +0200, Stefan (metze) Metzmacher wrote:
>> Hi Andrew,
>>> I would also like to make the change to the acl_xattr storage format I
>>> discussed on the list (move to a hash of the raw posix ACL, not the
>>> mapped NT ACL), but I will not let this put off the beta. 
>> That's not possible, as there might be other things than raw posix ACL's
>> (e.g. simple posix permissions, NFSv4 ACL's ...),
>> the only thing that matters is the mapping between the NTACL we try to
>> store and the one that will be returned by the underlying layers.
> All those different backends will need to provide an acl_hash VFS
> operation, returning a sha1 of whatever the OS layer they have is. 
> Otherwise, even a change to our id mapping to map a previously unmapped
> ID will invalidate the NT ACL, as if the posix ACL had been modified. 
> I'm particularly concerned that any change in our POSIX ACL -> NT ACL
> mapping (to fix a bug in the mapping, such as might be required for
> #8938 if confirmed) would otherwise invalidate all mappings on disk. 
> Perhaps it will be all to hard to do in a generic way, but where
> possible I want to make this less fragile (the existing codepath and
> system will remain, both for backwards compat and for any path that
> doesn't declare an acl_hash method). 

Ok, something like that might work...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list