Current approaches to ACL handling

ronnie sahlberg ronniesahlberg at gmail.com
Mon Oct 1 13:19:39 MDT 2012


On Mon, Oct 1, 2012 at 11:57 AM, Christopher R. Hertel <crh at ubiqx.mn.org> wrote:
> On 10/01/2012 01:52 PM, Jeremy Allison wrote:
>>
>> On Mon, Oct 01, 2012 at 02:42:51PM -0400, simo wrote:
>>>
>>> On Mon, 2012-10-01 at 13:28 -0500, Christopher R. Hertel wrote:
>>>>
>>>> What are the current best practices for ACL handling?
>>>>
>>>> To my knowledge, it's using EAs to store the ACLs.  Is there any in-depth
>>>> documentation on this implementation?  Are there any other mechanisms in
>>>> use?
>>>
>>>
>>> We store the Windows ACL in an EA and a matching posix ACL translation
>>> on the file, plus a sha hash of the ACL so we can be sure they are in
>>> sync.
>>>
>>> I am not aware of any other doc beyond the code.
>>
>>
>> Well there are some SambaXP talks on it I did a while ago :-).
>>
>> Sorry.
>
>
> I'll look at the code and your talks.  Those are the kinds of pointers I
> needed.
>
> Is there any reason to even consider the possibility of thinking about
> pondering the idea of toying with the concept of somehow using TDB (CTDB) to
> manage ACLs, or is that not a particularly rational approach?

I think TDBs would be problematic since with one permanent record for
each file, and say a few billion files, the TDB would become huge.
As in >>TB size huge.

You would also have the problem of single point of failure.  That TDB
file goes bad, you have now lost all ACLs for all your files.
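
The EA-plus-hash scheme mentioned in the quoted text (Windows ACL in an EA, a POSIX ACL on the file, and a hash to confirm the two are in sync), as an added sketch that is not code from this thread or from Samba. It shows how a stored hash lets the reader of the EA detect that the POSIX ACL was changed without the EA being updated. Assumptions: the hash covers the POSIX ACL, SHA-256 is used, and the EA name, record layout and dict standing in for the file's extended attributes are hypothetical.

```python
import hashlib
import hmac

# Hypothetical EA name and record layout (32-byte hash + ACL text) for this sketch.
EA_NAME = "user.example_ntacl"

def posix_acl_digest(posix_acl):
    """SHA-256 over a canonical form of getfacl-style POSIX ACL entries."""
    # Strip and sort so entry order and whitespace do not change the hash.
    canon = "\n".join(sorted(entry.strip() for entry in posix_acl))
    return hashlib.sha256(canon.encode()).digest()

def store_acl(xattrs, windows_acl, posix_acl):
    """Record the Windows ACL together with the hash of its POSIX translation."""
    xattrs[EA_NAME] = posix_acl_digest(posix_acl) + windows_acl.encode()

def load_acl(xattrs, current_posix_acl):
    """Return (windows_acl, status); status is 'in-sync', 'stale' or 'missing'."""
    blob = xattrs.get(EA_NAME)
    if blob is None or len(blob) < 32:
        return None, "missing"
    stored_hash, acl = blob[:32], blob[32:].decode()
    if not hmac.compare_digest(stored_hash, posix_acl_digest(current_posix_acl)):
        # The POSIX ACL changed without the EA being rewritten, so the stored
        # Windows ACL no longer describes what the kernel enforces.
        return None, "stale"
    return acl, "in-sync"

if __name__ == "__main__":
    xattrs = {}  # constructed stand-in for one file's extended attributes
    posix = ["user::rw-", "group::r--", "other::---"]  # constructed sample
    store_acl(xattrs, "D:(A;;FA;;;BA)", posix)         # constructed SDDL string
    print(load_acl(xattrs, posix))
    # Simulated out-of-band change (e.g. setfacl run locally on the server)
    print(load_acl(xattrs, posix + ["user:1001:rw-"]))
```

A "stale" result is the signal to stop trusting the stored Windows ACL and rebuild it from the POSIX ACL actually on the file.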

