Current approaches to ACL handling

Jeremy Allison jra at
Mon Oct 8 11:41:05 MDT 2012

On Mon, Oct 08, 2012 at 01:23:25PM +0200, Alexander Werth wrote:

> In think an override of the kernel checks is necessary to get better ACL
> compatibility. That's because the some of the posix operations samba
> uses to execute a specific cifs call require more permissions by the
> kernel than the cifs call they implement.

Some people want that. And some people want POSIX to take precedence.
We have to try and satisfy both. Currently we err on the side of POSIX.

> And the situation will get worse with the fine grained Rich ACL support
> in the kernel.
> For example the permission to read the permissions might not be granted
> on a file but Samba will expect to be able to read and evaluate the
> permissions for an open call nevertheless.

Actually the situation will get much better with RichACL support.
Samba will be able to map the Windows ACLs to and from RichACLs much
better than we can to POSIX ACLs, meaning the semantics will match
much more closely.


More information about the samba-technical mailing list