[Samba] Full wNT/w2K ACL conformance
José Luis Tallón
jltallon at adv-solutions.net
Wed Jun 18 10:27:42 GMT 2003
I Hate to reply myself, but since noone answered ...
>We are planning to replace a quite big domain running W2K with Samba ( at
>the very least, the DC ).
>
>Though i'd love to have the extra security capabilities of W2K ( Kerberos
>) as a DC, Samba/NT4 as PDC/BDC with ldapsam will more than suffice for now.
>
>The show-stopper right now is this: we need to be able to assign "real"
>Full Control permissions: a user who has "Full control" on a directory
>should be able to Read, Write, eXecute ( of course) [ this can be easily
>achieved with ACLs ] *plus* being able to give away Full Control to
>other users too [ being able to override inherited ACLs would be a plus,
>too ]. Is this feasible (remember smbd runs as root... )? Has somebody
>though about implementing this ?
Seems like every implementation of ACL comes together with Extended
Attributes support ( at least Ext2/ext3, XFS, ReiserFS ). Any exceptions ?
How about using one EA to map some Windows' attributes ? Full Control,
Archive ( though it can be emulated through ctime/atime/mtime ), Change
Only, come in a first pass over this.
>I thought that maybe coding a wrapper around SecLib could achieve this.
>Being quite fluent in C/C++ both in Un*x as well as Win32 I don't mind
>coding whatever tool is needed to achieve this, provided it is indeed
>possible. If not, some suggestions/comments ( or even an approximate
>timeline for implementation! ) would be more than welcome.
Any comments on this??
>Thanks in advance everybody.
>Keep the good work, Samba Team!
>
>
>Kind regards,
> J.L.
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list