posix acl

Richard Sharpe realrichardsharpe at gmail.com
Sun Feb 14 22:17:18 UTC 2016


On Fri, Feb 12, 2016 at 8:44 PM, Greg Silverman <silvermangb at gmail.com> wrote:
> From Windows clients I see many getxattr calls for
> "system.posix_acl_permissions" and "system.posix_acl_default". At this time,
> I return EOPNOTSUPP for system directories and ENODATA for others.
>
> If the format of responses to these calls was ASCII, like,
> "u:rwx;g:rw-;o:--x", I could return the permissions in the char * buffer.
> What is the format of those responses?

So, the Windows clients are not actually sending requests for
system.posix_acl_default etc. They are sending requests for Security
Descriptors and Samba is translating them to requests to get those
XATTRs.

Now, if you want to support that you need to get the posix ACL spec
and then do the correct permission checks at open time.

It's a bit of work.

> On Fri, Feb 12, 2016 at 6:50 PM Richard Sharpe <realrichardsharpe at gmail.com>
> wrote:
>>
>> On Fri, Feb 12, 2016 at 6:40 PM, Greg Silverman <silvermangb at gmail.com>
>> wrote:
>> > I create them. I use fuse to create a virtual file system. Those attributes
>> > only have the meaning I give them. I determine at runtime which privileges a
>> > user has for any file or folder, independent of permission in the physical
>> > storage. That is, if I knew the binary format used to represent permissions.
>>
>> OK, but in the FUSE model you are presented with GETXATTR or
>> SETXATTR requests. To interpret them seems more than you are supposed
>> to do.
>>
>> Of course, I suppose it depends on the target file system and how do
>> you handle the case where the admin is using acl_xattr and you are
>> presented with XATTRs that are encoded Security Descriptors?
>>
>> > On Fri, Feb 12, 2016 at 6:35 PM Richard Sharpe
>> > <realrichardsharpe at gmail.com>
>> > wrote:
>> >>
>> >> On Wed, Feb 10, 2016 at 2:55 PM, Greg Silverman <silvermangb at gmail.com>
>> >> wrote:
>> >> >
>> >> > I am developing with fuse. What are the binary formats for posix acls &
>> >> > security settings? Where can I find these so I can respond to the xattr
>> >> > calls correctly?
>> >>
>> >> Hmmm, surely, as a file system developer they are opaque blobs.
>> >>
>> >> That is, you don't care what the format of those blobs is. You simply
>> >> store them or retrieve them?
>> >>
>> >> Am I missing something here?

-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)
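
An added example, not part of the thread and not Samba's code: a C encoder for the binary blob a FUSE getxattr handler could return for a POSIX ACL, assuming the Linux kernel's version-2 xattr layout (exposed on Linux as system.posix_acl_access and system.posix_acl_default). The names acl_entry, acl_to_xattr, put_le and sample_acl are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumed layout (Linux <linux/posix_acl_xattr.h>, version 2), little-endian:
 * a u32 version header, then per entry: u16 tag, u16 perm, u32 id. */
enum { ACL_XATTR_VERSION = 2, TAG_USER_OBJ = 0x01, TAG_USER = 0x02,
       TAG_GROUP_OBJ = 0x04, TAG_GROUP = 0x08, TAG_MASK = 0x10, TAG_OTHER = 0x20 };
#define ACL_NO_ID 0xffffffffu /* id field of entries that name no uid/gid */
struct acl_entry { uint16_t tag, perm; uint32_t id; }; /* perm: r=4 w=2 x=1 */

/* Constructed sample: the "u:rwx;g:rw-;o:--x" ACL from the question. */
static const struct acl_entry sample_acl[3] = {
    { TAG_USER_OBJ, 7, 0 }, { TAG_GROUP_OBJ, 6, 0 }, { TAG_OTHER, 1, 0 } };

static void put_le(uint8_t *p, uint32_t v, int nbytes)
{
    for (int i = 0; i < nbytes; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* getxattr-style contract: size 0 returns the length needed, a short buffer
 * returns -ERANGE, a malformed entry -EINVAL, otherwise the bytes written.
 * Kernel entry order: USER_OBJ, USER.., GROUP_OBJ, GROUP.., MASK, OTHER. */
ssize_t acl_to_xattr(const struct acl_entry *e, size_t n, uint8_t *buf, size_t size)
{
    size_t need = 4 + 8 * n;
    for (size_t i = 0; i < n; i++) {
        uint16_t t = e[i].tag; /* exactly one known tag bit, perm only rwx */
        if (!t || (t & (t - 1)) || t > TAG_OTHER || (e[i].perm & ~7u)) return -EINVAL;
    }
    if (size == 0) return (ssize_t)need;
    if (size < need) return -ERANGE;
    put_le(buf, ACL_XATTR_VERSION, 4);
    for (size_t i = 0; i < n; i++, buf += 8) {
        int named = e[i].tag == TAG_USER || e[i].tag == TAG_GROUP;
        put_le(buf + 4, e[i].tag, 2);
        put_le(buf + 6, e[i].perm, 2);
        put_le(buf + 8, named ? e[i].id : ACL_NO_ID, 4);
    }
    return (ssize_t)need;
}

int main(void)
{
    uint8_t out[64];
    ssize_t len = acl_to_xattr(sample_acl, 3, out, sizeof out);
    for (ssize_t i = 0; i < len; i++) printf("%02x ", out[i]);
    return len < 0;
}
```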


