un-deprecate "acl check permissions"
Uri Simchoni
uri at samba.org
Fri May 20 14:00:49 UTC 2016
Hi,
I think I have a valid use for the deprecated "acl check permissions"
parameter, and would like feedback - if it makes sense maybe we can
"undeprecate" it.
The use case is a non-POSIX file system implemented by FUSE. The file
system has its own peculiar authorization checks. Usually, Samba would
just try the operation and report failure if it fails, without assuming
anything. The problem is with file deletion, where samba has to guess
the outcome of deletion attempt.
To solve that, I can have a VFS module that overrides create_file_fn,
and if the access mask includes DELETE, fail the call according to the
FUSE file system's rules (a simple implementation can be to call
access(dirname, W_OK) on the file's parent dir, and let the FUSE
implementation of access() decide - that's mostly correct even for POSIX
file systems, except for the sticky bit).
However, while such a scheme would block undesired deletions, valid
deletions can be blocked by the default file open checks, which, I
believe, are bypassed by setting "acl check permissions".
Comments?
Thanks,
Uri.
More information about the samba-technical
mailing list