Lower-level-Access Checks - avoid duplicate access checks on open
jra at samba.org
Mon Apr 10 23:03:13 UTC 2017
On Sat, Apr 08, 2017 at 11:54:03PM -0500, Steve French via samba-technical wrote:
> Has anyone ever experimented with extending the syscalls (or adding
> ioctls) for access() checking to allow access checks to be done once
> rather than twice (in BOTH Samba and in the file system layer(s))?
> Today access checks are done in the underlying fs and in Samba (e.g.
> the se_file_access_checks that source3/smbd/open.c calls to check for
> permissions on open/create).
> Presumably access() could be tricked into passing more information -
> but other than that are there other ways that have been explored to
> disable all access checking and let lower levels do it? If access
> checks are simply disabled in Samba, presumably at least read/write
> access flags (for data, not metadata) are already checkable, but
> presumably you could never get delete permission right in the access
> right without magic? Are there other obvious things which would fail?
I think that's a bad idea. Samba is designed to emulate exactly
a Windows SMB1/2/3 server, including evaluation of NT ACLs.
You'd need a kernel that 100% matches Windows semantics for
all operations to even get close. Maybe the Windows linux
kernel module might :-).
More information about the samba-technical