[Samba] Inheritance of ACLs with Samba
miguelmedalha at sapo.pt
Mon Dec 1 21:00:15 GMT 2008
>> I can't wait until Samba gets a proper Windows ACL implementation
>> (through the VFS?)
> No, it'll be done by MAGIC elves, which will add meta-data
> and kernel changes to POSIX filesystems to support them
> without *any* kernel code changes.... :-).
Well, in my post I warned that I am not an experienced user of Samba,
much less a knowledgeable one. I see myself, though, as a reasonable and
rational person. As such, I can understand things when they are
explained to me.
Of course, the kernel code changes would be the ideal thing, and frankly
I don't quite understand why they weren't done yet, after all these
years. They are lagging at least ten years. Why? Operating system
religious wars? One of the unnoficial Samba HOWTOs circulating on the
Net, still updated to this day, continues to promote a quotation by
Linus Torvalds in which he blasts Microsoft for the obvious flaws with
Windows 95 and 98. Come on, people, let's move on! The Open Source world
should depend less on the criticism of Microsoft and should rely more on
its own relevance and internal dynamics.
I thought that since Samba sits between the network and the unix kernel,
there would be a way to do a complete Windows ACL implementation through
a Virtual File System seen only by Samba and the Windows clients. The
document by Andrew Tridgell "Towards full NTFS semantics in Samba" also
seems to point in that direction... The Samba VFS would be responsible
for keeping the Windows-compatible Access Control Lists, using the
normal unix permissions on the unix filesystem side. The POSIX ACLs
would be replaced by a new layer by which Samba would be the sole
>> and we get done with this POSIX ACL thing (which by
>> the way is not even a ratified standard...).
> Wow, didn't know that ! Could you point me to the
> ratified standard for Windows ACLs please ?
Weren't the POSIX ACL drafts withdrawn before becoming a standard? I
suppose that they are in use because the drafts contain useful work and
they are reasonable. Windows ACLs are not a standard either (or are even
much less of a standard than the POSIX ones) but they are reasonable and
correspond pretty much to what is required by today's computing needs.
They became a "de facto" standard. And since Samba is supposed to
interface unix systems to Windows and serve Windows clients... I am sure
that many, many unix machines are only used as Samba to Windows servers
and never receive direct user logon or unix clients.
I saw a bit of a flame in your answer; please excuse me if I am boring
with these questions or if I am just showing my ignorance, which perhaps
I am. If so, just don't bother answering me. But please note that I see
Samba as a VERY important work, one that the world of computing wouldn't
do without. I use it, and the more I use it the more I prize it. Do I
think it cannot be improved? Of course not. Neither do you, I am sure.
On reading this, please bear in mind that I am not a native English
speaker and it is possible that I don't express myself in the best way.
Thank you for your work with Samba and again for your attention
More information about the samba