Current approaches to ACL handling

Jeremy Allison jra at
Mon Oct 1 13:06:14 MDT 2012

On Mon, Oct 01, 2012 at 01:57:20PM -0500, Christopher R. Hertel wrote:
> On 10/01/2012 01:52 PM, Jeremy Allison wrote:
> >On Mon, Oct 01, 2012 at 02:42:51PM -0400, simo wrote:
> >>On Mon, 2012-10-01 at 13:28 -0500, Christopher R. Hertel wrote:
> >>>What are the current best practices for ACL handling?
> >>>
> >>>To my knowledge, it's using EAs to store the ACLs.  Is there any in-depth
> >>>documentation on this implementation?  Are there any other mechanisms in use?
> >>
> >>We store the Windows ACL in an EA and a matching posix ACL translation
> >>on the file, plus a sha hash of the ACL so we can be sure they are in
> >>sync.
> >>
> >>I am not aware of any other doc beyond the code.
> >
> >Well there are some SambaXP talks on it I did a while ago :-).
> >
> >Sorry.
> I'll look at the code and your talks.  Those are the kinds of pointers I needed.
> Is there any reason to even consider the possibility of thinking
> about pondering the idea of toying with the concept of somehow using
> TDB (CTDB) to manage ACLs, or is that not a particularly rational
> approach?

Not a good approach IMHO. Too much chance of the meta-data
becoming detached from the data.


More information about the samba-technical mailing list