[Samba] Full wNT/w2K ACL conformance

José Luis Tallón jltallon at adv-solutions.net
Mon Jun 16 22:53:45 GMT 2003

We are planning to replace a quite big domain running W2K with Samba ( at 
the very least, the DC ).

Though i'd love to have the extra security capabilities of W2K ( Kerberos ) 
as a DC, Samba/NT4 as PDC/BDC with ldapsam will more than suffice for now.

The show-stopper right now is this: we need to be able to assign "real" 
Full Control permissions: a user who has "Full control" on a directory 
should be able to Read, Write, eXecute ( of course) [ this can be easily 
achieved with ACLs ]  *plus*  being able to give away Full Control to other 
users too [ being able to override inherited ACLs would be a plus, too ]. 
Is this feasible (remember smbd runs as root... )? Has somebody though 
about implementing this ?

I thought that maybe coding a wrapper around SecLib could achieve this. 
Being quite fluent in C/C++ both in Un*x as well as Win32 I don't mind 
coding whatever tool is needed to achieve this, provided it is indeed 
possible. If not, some suggestions/comments ( or even an approximate 
timeline for implementation! ) would be more than welcome.

Thanks in advance everybody.
Keep the good work, Samba Team!

Kind regards,

More information about the samba mailing list