ACL formats used by sharesec in 4.2
Christof Schmitt
cs at samba.org
Thu Apr 23 10:44:20 MDT 2015
Hi,
i noticed that the ACL output printed by sharesec has been changed
through this commit:
commit 4a9d64e37a72cd1384c1e8db54532b8e850715cd
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 14:38:24 2014 +0200
sharesec: use NDR security descriptor print fns
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
While i understand the goal to share code, now the input format of
sharesec is different than the output format:
Setting a share-level ACL uses the old format:
# sharesec test -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
Quering it returns the NDR dump:
# sharesec test -v
: struct security_descriptor
revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
type : 0x8004 (32772)
0: SEC_DESC_OWNER_DEFAULTED
0: SEC_DESC_GROUP_DEFAULTED
1: SEC_DESC_DACL_PRESENT
0: SEC_DESC_DACL_DEFAULTED
0: SEC_DESC_SACL_PRESENT
0: SEC_DESC_SACL_DEFAULTED
0: SEC_DESC_DACL_TRUSTED
...
This is probably not very useful. Should we revert the patches to return
to the old output format?
The manpage still lists the old output, but updating the manpage would
be a minor issue after deciding how the output should look like.
The other option would be using the sddl format, but that is difficult
to input manually:
# sharesec test -S 'D:(A;;0x001f01ff;;;WD)(A;;0x001f01ff;;;S-1-5-21-1866488690-1365729215-3963860297-17724)'
# sharesec test -V
D:(A;;0x001f01ff;;;WD)(A;;0x001f01ff;;;S-1-5-21-1866488690-1365729215-3963860297-17724)
Christof
More information about the samba-technical
mailing list