vfs_fruit bug in ACL get/set - [PATCH] attached.

Jeremy Allison jra at samba.org
Fri Mar 2 22:35:13 UTC 2018

On Fri, Mar 02, 2018 at 11:17:00PM +0100, Ralph Böhme wrote:
> I was thinking about moving setting *and* getting to a lower layer. Whichever
> layer ends up doing it, should be fixed to correctly filter of course. I'm just
> questioning whether keeping this in fruit is the right thing to do when we're
> starting to use this more broadly.

Well it's still pretty fruit-specific. For example,
I don't want the SMB2 unix extensions to return the
global_sid_Unix_NFS_Users or global_sid_Unix_NFS_Groups,
as that's info that the client shouldn't have (IMHO),
as it's already covered by the owner and group SIDs
in the ACL returned. My current prototype code for
SMB2 unix only returns global_sid_Unix_NFS_Mode.

I understand why they did it for NFS or fruit, but
I really want the SMB2 unix design to be cleaner
than that - and one of the mandates I set myself
was "No UID's/GID's" - only SIDs.

The mode bits are OK, but not uids/gids - there's
nothing the client can or should do with them,
they're a server implementation detail IMHO.

> I'll take a look. We can then reshuffle things later as needed.

Thanks !


More information about the samba-technical mailing list