Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Releasing Samba 4
Posted Dec 1, 2011 20:32 UTC (Thu) by nix (subscriber, #2304)
Posted Dec 2, 2011 7:54 UTC (Fri) by trasz (guest, #45786)
Posted Dec 2, 2011 18:51 UTC (Fri) by jra (subscriber, #55261)
This stores "pristine" Windows ACLs in an EA on the filesystem, and consults them before allowing access to the underlying file/directory. The mapping to underlying POSIX ACLs (for systems that don't support them) is done underneath this layer for compatibility with NFSv3 and system process accessing the same files.
Samba of course has a full mapping into NFSv4 (ZFS, or GPFS) ACLs, which will be supported on Linux once the "RichACLs" patch is accepted into the kernel.
So yes, ACLs *do* work in the general case in Samba, and many successful OEMs ship with them turned on.
Posted Dec 5, 2011 9:40 UTC (Mon) by trasz (guest, #45786)
Posted Feb 8, 2012 7:19 UTC (Wed) by kaiser (guest, #82799)
This fixes some minor interop. nits (group owners of files, for example) but also allows the Windows privilege model to be integrated as a first class citizen in the OS, and most importantly, allows for SIDs to be stored natively as the user's in-kernel credentials, which is a real boon for identity management/mapping across protocols, and for group policy (e.g. local groups). As a bonus, this allows any userspace CIFS processes to run without escalated privilege (e.g. switching to root for take ownership) which can be seen as a security risk.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds