[Samba] ACL misbehavior moving from POSIX ACL -> acl_xattr

Wes Deviers wdevie at hrcsb.org
Fri Sep 18 12:45:10 MDT 2009

On Friday 18 September 2009 02:06:41 pm Miguel Medalha wrote:
> Please pardon me if I insist, but I am doing it with the interest of the 
> community in mind, not just bitching about it.
> I really don't see why this could not be implemented. Perhaps it goes 
> somewhat against established thinking but it really seems possible to me.
> NOTE: Perhaps we wouldn't even need a VFS module, only a smb.conf 
> parameter to switch the behavior of the samba daemon? Please note: all 
> disk operations would be done in the name of that special user, using 
> full permissions. Ownership and rights would then be "filtered" by the 
> adequate layer to be seen by clients in the appropriate way.
> Best regards
> Miguel

Miguel (and others..)

I've been dinking around with implementing this in my "spare time", using the 
existing 3.3 VFS ACL_xattr module as a guide.  I *think* the number of 
modifications to get it to work that way are pretty minor, actually.  Of 
course, I could be completely wrong because my C is very rusty and I'm not all 
that familiar with the Samba source code.

Jeremy's idea is pretty straightforward; if you just discard any filesystem-
level ACL operations, the existing xattr code should still work.  Then, you 
can do some share definitions to force user & group ownership of everything, 
and hopefully walk away.

If somebody who's better at it wants to work on the problem, that would be 
awesome, because I have little confidence in my own.  But I'll keep at it and 
see what happens.


More information about the samba mailing list