[Samba] Full wNT/w2K ACL conformance
José Luis Tallón
jltallon at adv-solutions.net
Mon Jun 16 22:53:45 GMT 2003
We are planning to replace a quite big domain running W2K with Samba ( at
the very least, the DC ).
Though i'd love to have the extra security capabilities of W2K ( Kerberos )
as a DC, Samba/NT4 as PDC/BDC with ldapsam will more than suffice for now.
The show-stopper right now is this: we need to be able to assign "real"
Full Control permissions: a user who has "Full control" on a directory
should be able to Read, Write, eXecute ( of course) [ this can be easily
achieved with ACLs ] *plus* being able to give away Full Control to other
users too [ being able to override inherited ACLs would be a plus, too ].
Is this feasible (remember smbd runs as root... )? Has somebody though
about implementing this ?
I thought that maybe coding a wrapper around SecLib could achieve this.
Being quite fluent in C/C++ both in Un*x as well as Win32 I don't mind
coding whatever tool is needed to achieve this, provided it is indeed
possible. If not, some suggestions/comments ( or even an approximate
timeline for implementation! ) would be more than welcome.
Thanks in advance everybody.
Keep the good work, Samba Team!
Kind regards,
J.L.
More information about the samba
mailing list