Current approaches to ACL handling
Christopher R. Hertel
crh at ubiqx.mn.org
Mon Oct 8 14:52:14 MDT 2012
On 10/08/2012 03:19 PM, Marc Muehlfeld wrote:
> On 08.10.2012 18:05, Christopher R. Hertel wrote:
>> There is an inherent mismatch between the semantics of Windows ACLs and the
>> models available in Linux/Unix, including the RichACL model. There will
>> never be a pure 1:1 mapping.
>
>
> Sorry, if this is a stupid question from someone who isn't a developer:
>
> What about if the underlying filesystem is NTFS? I mean if I e.g. have my
> sysvol share on an NTFS formatted partition on my s4 server. Wouldn't this be
> a way where a mapping to unix ACLs is needless?
>
>
> With ntfs-3g utils I can get the IDs of files on my NTFS volume:
> # ntfs-3g.secaudit -vv bootmgr | grep ':dec'
> O:dec S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
> G:dec S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
Yes, that would give you Windows ACLs in the file system.
I am always ready to be hit with the clue-bat, but where I think there would
be trouble is in managing and enforcing those ACLs on the Linux side. Local
users, NFS users, etc. ... how do those interact?
I'm sure that the NTFS file system for Linux already has a way of mapping
the Windows ACLs to expected Linux/POSIX behaviors. If so, I'm fairly sure
it would be another "adaptation", probably ignoring some permissions and
making guesses about others. What happens, for instance, if a Linux process
creates a file on a mounted NTFS file system:
      :
    path = "/mnt/wind/Users/Default/My Documents/foo.bar";
    open( path, O_CREAT | O_TRUNC | O_WRONLY, 0764 );
      :
I ask because I don't actually know the answer. I'm not sure how the Linux
NTFS file system would interpret the above and what ACL it would create in
NTFS to represent it.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
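
Added example, not part of the original message and not code from ntfs-3g or Samba: a simplified model of the semantic mismatch discussed above, comparing the POSIX "one class applies" check with a Windows-style ordered DACL walk over a naive allow-only translation of the mode bits. The three-principal model, the `naive_acl` translation and all function names are assumptions made for illustration; this does not describe what the Linux NTFS driver actually writes.

```c
#include <stdio.h>
/* Simplified model (assumption): rights are the three rwx bits (4, 2, 1);
 * principals are only the file owner, the file group and everyone. */
enum who { OWNER, GROUP, EVERYONE };
struct ace { int deny; enum who who; int mask; };

/* POSIX: exactly one class applies: owner, else group, else other. */
int posix_allows(int mode, int is_owner, int in_group, int want) {
    int bits = (is_owner ? mode >> 6 : in_group ? mode >> 3 : mode) & 7;
    return (bits & want) == want;
}

/* Windows-style DACL walk: every ACE matching the caller counts, in order.
 * Allows accumulate; a deny on a bit not yet granted refuses the request. */
int dacl_allows(const struct ace *a, int n, int is_owner, int in_group, int want) {
    int remaining = want;
    for (int i = 0; i < n && remaining; i++) {
        if ((a[i].who == OWNER && !is_owner) || (a[i].who == GROUP && !in_group))
            continue;
        if (a[i].deny && (a[i].mask & remaining)) return 0;
        if (!a[i].deny) remaining &= ~a[i].mask;
    }
    return remaining == 0;
}

/* Hypothetical naive translation: one allow ACE per mode class, no denies. */
void naive_acl(int mode, struct ace out[3]) {
    out[0] = (struct ace){ 0, OWNER, (mode >> 6) & 7 };
    out[1] = (struct ace){ 0, GROUP, (mode >> 3) & 7 };
    out[2] = (struct ace){ 0, EVERYONE, mode & 7 };
}

/* Count (caller, request) pairs where the two models disagree. Callers:
 * 0 = owner who is also in the group, 1 = group member, 2 = anyone else. */
int count_mismatches(int mode) {
    struct ace acl[3];
    int bad = 0;
    naive_acl(mode, acl);
    for (int c = 0; c < 3; c++)
        for (int want = 1; want <= 7; want++)
            bad += posix_allows(mode, c == 0, c <= 1, want)
                   != dacl_allows(acl, 3, c == 0, c <= 1, want);
    return bad;
}

int main(void) {
    printf("0764:%d 0470:%d 0604:%d\n", count_mismatches(0764),
           count_mismatches(0470), count_mismatches(0604));
    return 0;
}
```

In this model the 0764 mode from the message translates without disagreement because each class's rights contain the next one's; modes such as 0470 or 0604 do not, which is why a faithful translation needs deny entries rather than allows alone.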