Current approaches to ACL handling
Christopher R. Hertel
crh at ubiqx.mn.org
Mon Oct 1 13:19:52 MDT 2012
On 10/01/2012 02:05 PM, Volker Lendecke wrote:
> On Mon, Oct 01, 2012 at 01:57:20PM -0500, Christopher R. Hertel wrote:
>> On 10/01/2012 01:52 PM, Jeremy Allison wrote:
>>> On Mon, Oct 01, 2012 at 02:42:51PM -0400, simo wrote:
>>>> On Mon, 2012-10-01 at 13:28 -0500, Christopher R. Hertel wrote:
>>>>> What are the current best practices for ACL handling?
>>>>> To my knowledge, it's using EAs to store the ACLs. Is there any in-depth
>>>>> documentation on this implementation? Are there any other mechanisms in
>>>> We store the Windows ACL in an EA and a matching posix ACL translation
>>>> on the file, plus a sha hash of the ACL so we can be sure they are in
>>>> I am not aware of any other doc beyond the code.
>>> Well there are some SambaXP talks on it I did a while ago :-).
>> I'll look at the code and your talks. Those are the kinds of pointers I
>> Is there any reason to even consider the possibility of thinking about
>> pondering the idea of toying with the concept of somehow using TDB (CTDB)
>> to manage ACLs, or is that not a particularly rational approach?
> Why would you want that? xattr size limitations?
I didn't say I wanted it, I was just thinking of possibilities.
Also, I'm working in a clustered environment and I need to consider handling
of EAs across the cluster. CTDB would be one way to ensure that the ACLs
were in sync across the cluster. If I am using EAs, I need to ensure that
my platform doesn't have any issues propagating updates to the EAs. It's
probably not an issue, but since EAs are not always the first thing file
systems developers consider...
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical