[Samba] ACL misbehavior moving from POSIX ACL -> acl_xattr
Wes Deviers
wdevie at hrcsb.org
Fri Sep 18 12:45:10 MDT 2009
On Friday 18 September 2009 02:06:41 pm Miguel Medalha wrote:
> Please pardon me if I insist, but I am doing it with the interest of the
> community in mind, not just bitching about it.
>
>
>
> I really don't see why this could not be implemented. Perhaps it goes
> somewhat against established thinking but it really seems possible to me.
>
> NOTE: Perhaps we wouldn't even need a VFS module, only a smb.conf
> parameter to switch the behavior of the samba daemon? Please note: all
> disk operations would be done in the name of that special user, using
> full permissions. Ownership and rights would then be "filtered" by the
> adequate layer to be seen by clients in the appropriate way.
>
> Best regards
> Miguel
Miguel (and others..)
I've been dinking around with implementing this in my "spare time", using the
existing 3.3 VFS ACL_xattr module as a guide. I *think* the number of
modifications to get it to work that way are pretty minor, actually. Of
course, I could be completely wrong because my C is very rusty and I'm not all
that familiar with the Samba source code.
Jeremy's idea is pretty straightforward; if you just discard any filesystem-
level ACL operations, the existing xattr code should still work. Then, you
can do some share definitions to force user & group ownership of everything,
and hopefully walk away.
If somebody who's better at it wants to work on the problem, that would be
awesome, because I have little confidence in my own. But I'll keep at it and
see what happens.
Wes
More information about the samba
mailing list