What evaluates file perms when ACL's are involved?
Jeremy Allison
jra at samba.org
Wed Mar 8 03:59:18 GMT 2006
On Wed, Mar 08, 2006 at 02:09:45PM +1100, Tim Potter wrote:
> On Tue, 2006-03-07 at 18:58 -0800, Jeremy Allison wrote:
> > On Tue, Mar 07, 2006 at 09:19:31PM -0500, Michael Lueck wrote:
> > >
> > > With Windows clients accessing these files via Samba in a Samba PDC
> > > environment, does Samba look to the filesystem / kernel to evaluate the
> > > ACL's, or is it involved in the process directly?
> >
> > Samba only evaluates acls in userspace when it's trying to
> > decide if a client has the ability to set the "delete on close"
> > bit to remove a file - this has to be done at open time for Windows,
> > thus the userspace check. Even if this passes Samba it's still
> > up to the kernel to decide if that user can delete the file
> > or not - it's done at close time instead.
>
> Is it possible to map this to a call to access()? You can only check
> one of readable, writable or executable though. It might not be enough
> to remove this one userspace check.
Nope. access checks the *real* uid, not the effective one, making
it singularly useless in this case ;-).
Jeremy.
More information about the samba-technical
mailing list