smbcacls support for automatic inheritance propagation

Richard Sharpe realrichardsharpe at gmail.com
Fri Jan 31 20:54:17 MST 2014


On Fri, Jan 31, 2014 at 9:52 AM, Noel Power <nopower at suse.com> wrote:
> Hi David
>
> On 31/01/14 15:26, David Disseldorp wrote:
>> On Thu, 30 Jan 2014 16:25:40 +0000, Noel Power wrote:
>>
>>> On 30/01/14 15:41, Noel Power wrote:
>>>> thanks (updated patches to follow) Noel
>>> I failed miserably with git send-mail, no doubt I have now a couple of
>>> patches in the moderation queue, please see
>>> http://cgit.freedesktop.org/~noelp/noelp-samba/log/?h=smbcacls_review%232 for
>>> the patches instead
>> This round looks good, there are a few more things I ran into during
>> testing/review:
>>
>> prepare_inheritance_propagation() validates the command line ACL after
>> connecting to the share. I'd prefer it if this was done beforehand.
>>
>> cacl_set() should use the same code path as inheritance_cacl_set(),
>> as it's basically the same as doing a inheritance_cacl_set() with
>> acl_no_propagate.
>>
>> There are still some mixed declarations and code (lines 1620 and 1683).
>>
>> Cheers, David
> http://cgit.freedesktop.org/~noelp/noelp-samba/log/?h=smbcacls_review%232 contains
> the latest patches that
> a) address the review comments
> b) the issue of not losing the inherited and inheritable ace(s)
> associated with the container smbcacls is about to operate on
>
>
> p.s. I will roll up those patches into another round of the original
> patch set ( but it might even be easier to review the last 3 commits at
> the branch above)

I have not been paying attention so I have lost contact with the
intent of these patches, but it seems impossible to replicate Windows
ACL Inheritance behavior giving that with Windows it applies at object
creation time, but here we are applying it after the fact.

This might not be a problem, of course.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)


More information about the samba-technical mailing list