[Samba] VFS ACL modules - question to developers

Jeremy Allison jra at samba.org
Tue Dec 6 10:14:24 MST 2011

On Tue, Dec 06, 2011 at 09:57:26AM +0100, NdK wrote:
> Il 05/12/2011 19:27, Jeremy Allison ha scritto:
> > If we didn't do this NFS access or local process access
> > would completely ignore the Windows permissions (which is
> > not what most people want).
> Then why not drop completely TDB storage of permissions and rely on
> filesystem alone?
> Denormalization is (usually) bad...

Because, as has been pointed out before, mapping to
the underlying filesystem permission is a *lossy*
mapping (this is what we used to do).

Most people using Windows don't want a lossy mapping,
they want to see the exact Windows ACLs they set.

The acl_xattr or acl_tdb method allows us to do
this, with complete accuracy on evaluating the
Windows ACLs, yet still have the underlying
filesystem mapping as well.

Sort of like eating, and having, your cake at
the same time :-).


More information about the samba mailing list