Current approaches to ACL handling
J. Bruce Fields
bfields at fieldses.org
Tue Oct 16 08:58:02 MDT 2012
On Mon, Oct 08, 2012 at 02:53:36PM -0500, Christopher R. Hertel wrote:
> If I understood Alexander's suggestion, it was to implement Windows
> ACLs in the filesystem/kernel. That would mean that Samba would no
> longer need to adapt because the semantics would be what we'd
> expect.
>
> On the other hand, how would the kernel go about enforcing some of
> the more obscure permissions for non-Samba processes? How would NFS
> interpret the ACLs? What about local processes? Which permissions
> would be exposed to the local user and which would not? The
> adaptations would have to move, probably into the kernel with the
> new ACL type.
I think this is the most recent posting of the richacl patches:
http://thread.gmane.org/gmane.linux.kernel/1206630/
It includes enforcement of new permission bits; e.g., write attributes:
http://thread.gmane.org/gmane.linux.kernel/1206630/focus=1206636
delete and delete child:
http://thread.gmane.org/gmane.linux.kernel/1206630/focus=1206638
file vs directory creation:
http://thread.gmane.org/gmane.linux.kernel/1206630/focus=1206642
So they are of course intended to be exposed and enforced consistently
against local, NFS, and Samba users.
Review is welcome; if you see anything specific missing, please let us
know.
--b.
More information about the samba-technical
mailing list