usershare acl parser?

derrell at samba.org derrell at samba.org
Tue Dec 13 14:35:31 GMT 2005


Jeremy Allison <jra at samba.org> writes:

> On Sun, Dec 11, 2005 at 10:58:20PM +1100, tridge at samba.org wrote:
>> Jeremy,
>> 
>>  > Ok, I was wrong - I should have used an example of :
>>  > 
>>  > "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GR;;;WD)"
>> 
>> Why do you want SEC_DESC_DACL_PROTECTED ? (the 'P' flag). As there is
>> no parent, it's not needed and is pretty obscure at any time.
>> 
>> The 'SY' ACE is pointless as it's reasonable to assume 'local system'
>> can do whatever it darn well pleases to a local resource. The GWGWGX
>> is also a bit verbose - using GA (generic all) is much simpler and
>> probably what you really wanted.
>> 
>> So I suspect what you wanted was this:
>> 
>>   D:(A;;GA;;;BA)(A;;GR;;;WD)
>> 
>> which translates as "all rights for admins, everyone else read".
>
> You're missing the point. This is not a sane way of specifying
> this for a UNIX admin. Compare that with :
>
> Administrators:F,Everyone:R
>
> Which is the syntax I'm proposing.
>
> Jeremy.

Jeremy, before adding a new ACL format...  There is an ACL formatter and
parser in libsmbclient that's been there for a long time.  It's used for
setting and retrieving ACLs on files and folders using the extended attribute
functions.  It uses a human-readable format.  You may want to see if it
already does what you're looking for.  If that functionality is needed outside
of libsmbclient, those functions can be moved to a more generic
location.

Cheers,

Derrell
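
The two notations compared in this thread, as an added example that is not part of the original message, libsmbclient, or any Samba code: a strict translator from the proposed `Name:Right` list to the SDDL string quoted above. The function name `usershare_acl_to_sddl`, the exact-match and comma-separated parsing rules, and the tables (limited to the two trustees and two rights that appear in the thread) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed tables: only the trustees and rights named in the thread. */
struct map { const char *name; const char *sddl; };
static const struct map trustees[] = { {"Administrators", "BA"}, {"Everyone", "WD"} };
static const struct map rights[]   = { {"F", "GA"}, {"R", "GR"} };

static const char *lookup(const struct map *m, size_t n, const char *s, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(m[i].name) == len && strncmp(m[i].name, s, len) == 0)
            return m[i].sddl;
    return NULL;
}

/* Hypothetical helper. Returns 0 on success, -1 on any malformed or unknown
 * entry. Fails closed: no entry is skipped, and out is left empty on error. */
int usershare_acl_to_sddl(const char *in, char *out, size_t outlen)
{
    size_t used = 2;
    if (out && outlen)
        out[0] = '\0';
    if (!in || !out || outlen < 3 || *in == '\0')
        return -1;
    memcpy(out, "D:", 3);
    while (*in) {
        size_t elen = strcspn(in, ",");            /* one "Name:Right" entry */
        const char *colon = memchr(in, ':', elen);
        size_t nlen = colon ? (size_t)(colon - in) : 0;
        const char *who  = colon ? lookup(trustees, 2, in, nlen) : NULL;
        const char *what = colon ? lookup(rights, 2, colon + 1, elen - nlen - 1) : NULL;
        int n = (who && what) ? snprintf(out + used, outlen - used, "(A;;%s;;;%s)", what, who) : -1;
        in += elen;
        if (n < 0 || (size_t)n >= outlen - used || (*in == ',' && *++in == '\0')) {
            out[0] = '\0';                         /* unknown, truncated, or trailing comma */
            return -1;
        }
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    return usershare_acl_to_sddl("Administrators:F,Everyone:R", buf, sizeof buf) || puts(buf) < 0;
}
```

Rejecting the whole list on the first unrecognised trustee or right, rather than dropping that entry, keeps a typo from silently producing a DACL that differs from what the admin wrote.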

