NT ACL / Security descriptor checking function
David Collier-Brown
davecb at canada.sun.com
Fri Feb 11 14:00:28 GMT 2000
Luke Kenneth Casson Leighton wrote:
> this was discussed four to five months ago, my recommendation was to do it
> the other way round: map immediately out as soon as possible to NT
> security descriptors, and maintain for as long as possible NT SDs before
> converting to, say... POSIX or Unix ACls or file permissions.
>
> reason: you don't want to impose a restriction, in the file-system
> example, of mapping to POSIX-based ACLs, only to find later that the
> underlying filesystem actually supports a much richer ACL implementation
> thatn the [limited] POSIX one, or even fully supports NT security
> descriptors, such as the linux NTFS drivers.
I mildly agree: I speculate you have two modules,
one which just looks up the ACLS in an underlying
filesystem that supports them all, or supports
a superset. This may well be a stub unless you happen
to have linux NTFS handy...
The other is the mapping to subsets, which is what we
do now.
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list