un-deprecate "acl check permissions"
Uri Simchoni
uri at samba.org
Sat May 21 10:20:50 UTC 2016
On 05/21/2016 01:03 AM, Jeremy Allison wrote:
> On Fri, May 20, 2016 at 05:00:49PM +0300, Uri Simchoni wrote:
>> Hi,
>>
>> I think I have a valid use for the deprecated "acl check permissions"
>> parameter, and would like feedback - if it makes sense maybe we can
>> "undeprecate" it.
>>
>> The use case is a non-POSIX file system implemented by FUSE. The file
>> system has its own peculiar authorization checks. Usually, Samba would
>> just try the operation and report failure if it fails, without assuming
>> anything. The problem is with file deletion, where samba has to guess
>> the outcome of deletion attempt.
>>
>> To solve that, I can have a VFS module that overrides create_file_fn,
>> and if the access mask includes DELETE, fail the call according to the
>> FUSE file system's rules (a simple implementation can be to call
>> access(dirname, W_OK) on the file's parent dir, and let the FUSE
>> implementation of access() decide - that's mostly correct even for POSIX
>> file systems, except for the sticky bit).
>>
>> However, while such a scheme would block undesired deletions, valid
>> deletions can be blocked by the default file open checks, which, I
>> believe, are bypassed by setting "acl check permissions".
>>
>> Comments?
>
> Can't you also fix this by overriding get_acl_fn() to set the
> DELETE bit as appropriate ?
>
I suppose I can :)
I was preaching against doing it at the FUSE level (providing different
stat() result based on the user that was stat'ing - would break kernel
assumptions and create issues with caching) so I forgot I can do it in
samba.
Thanks!
Uri.
More information about the samba-technical
mailing list