[Samba] Inheritance of ACLs with Samba
miguelmedalha at sapo.pt
Tue Dec 2 02:36:08 GMT 2008
Jeremy Allison wrote:
> On Mon, Dec 01, 2008 at 09:00:15PM +0000, Miguel Medalha wrote:
>> I thought that since Samba sits between the network and the unix kernel,
>> there would be a way to do a complete Windows ACL implementation through
>> a Virtual File System seen only by Samba and the Windows clients. The
>> document by Andrew Tridgell "Towards full NTFS semantics in Samba" also
>> seems to point in that direction... The Samba VFS would be responsible
>> for keeping the Windows-compatible Access Control Lists, using the
>> normal unix permissions on the unix filesystem side. The POSIX ACLs
>> would be replaced by a new layer by which Samba would be the sole
> Sounds great, until you want NFS access as well (everyone does,
> you know). Now what ? We have deny ACE's on the Windows side
> which are completely ignored by the NFS or local side. Works
> for an embedded box only exporting CIFS, not so good for everyone
Of course you are the expert here, but nevertheless let me dare to tell
I think that such a module, perhaps *as an option* -- even discarding
NFS -- would appeal to many people and would greatly increase the use of
Linux servers at many places. After all, wasn't Samba intended to
connect Windows to *nix from the beginning? "Opening W/w-indows to a
wider world"? Most people I know use Samba in order to have a Linux
machine serving Windows clients, not because of NFS.
Then, after all, why not provide different hooks (or would it be
different daemons?) when using CIFS and NFS concurrently? The unix
filesystem would remain intact as it is, only viewed from the outside
would the filesystem look different according to the connected client.
That would provide both CIFS and NFS semantics, since the Samba daemon
would sit in the middle translating things to and from the kernel.
Does this make any sense?
Well, thank you again for your patience.
Best regards to you!
More information about the samba