[Samba] [PATCH 03/23] vfs: rich ACL in-memory representation and manipulation

J. Bruce Fields bfields at citi.umich.edu
Mon Feb 1 16:06:45 MST 2010


On Mon, Feb 01, 2010 at 11:32:59PM +0530, Aneesh Kumar K. V wrote:
> I guess id mapping needs more work in the patch. I would really like
> to hear from both NFS and Samba people in how they would like the
> id details to be stored. If we can't map an incoming user at domain
> request on nfs, I guess we definitely don't want to store the acl with
> 'nobody' id

I don't see the point in allowing the acl's to refer to arbitrary
user at domain strings unless we're also going to allow those strings as
file owners, allow processes to run *as* one of those strings, etc.

If we're really going to try to teach the core kernel to handle foreign
NFS or Samba identities, that's a separate project.

As long as the kernel's working with ordinary uid's and gid's, the acl's
should do the same, and NFS and Samba can take care of the conversion as
needed.

So I agree that we should be able to use a more compact representation
here.

--b.


More information about the samba mailing list