Hello, I need to setup permissions for a bunch of files, that's a bit more complex, then possible with traditional UNIX permissions. I can set the permissions exactly right, by using the ACL's in Solaris 2.5. The problem is, that I need to share these files with Samba, to Win95 clients. When doing this people don't get the rights the need, because Samba don't support/respect the additionally rights given in the ACLs. So my question is, will Samba get support for Solaris ACL system? Maybe it's not possible at all? I don't need any mapping between NT ACLs and Solaris ACLs, but it would be pretty cool though... Best, Steen Jensen System & net administrator -- Aalborg University e-mail: sj@kom.auc.dk Institute of Electronic Systems Department of Communication Technology
hi steen, are you a c programmer? do you know, or anyone else know, of some example source code that uses solaris acls? luke On Thu, 5 Feb 1998, Steen Jensen wrote:> Hello, > > I need to setup permissions for a bunch of files, that's a bit more > complex, then possible with traditional UNIX permissions. I can set the > permissions exactly right, by using the ACL's in Solaris 2.5. > > The problem is, that I need to share these files with Samba, to Win95 > clients. When doing this people don't get the rights the need, because > Samba don't support/respect the additionally rights given in the ACLs. > > So my question is, will Samba get support for Solaris ACL system? > > Maybe it's not possible at all? > > I don't need any mapping between NT ACLs and Solaris ACLs, but it would be > pretty cool though... > > > Best, > > Steen Jensen System & net administrator > -- > Aalborg University e-mail: sj@kom.auc.dk > Institute of Electronic Systems > Department of Communication Technology > ><a href="mailto:lkcl@samba.anu.edu.au" > Luke Kenneth Casson Leighton </a> <a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a> <a href="http://www.samba.co.uk" > Samba and Network Consultancy </a>
You wrote: | The problem is, that I need to share these files with Samba, to Win95 | clients. When doing this people don't get the rights the need, because | Samba don't support/respect the additionally rights given in the ACLs. | So my question is, will Samba get support for Solaris ACL system? It sorta does and sorta doesn't... If I set up a file with specific ACLs on Solaris and share it via Samba, the samba server process will honour the ACLs because it has to: Solaris enforces them on it. Therefor the file will be acessable/inacessable to a user accessing them via Samba just as if she was accessing them on Solaris. The file will retain the ACLs **UNLESS** the user happens to access it with a program that goes... rename file X to X.BAK open file X.BAK for read open file X for update copy from X.BAK to X change contents flush changes to X close both exit This scenario will cause the client machine to have Samba open a new file. As Samba doesn't grok ACLs. it can't provide the acls or permissions of X to the application, and the application can't reproduce them when opening the ``new'' X. Poof! the ACLs appear to disappear! Programs which copy to X.BAK and then directly edit X will leave X ``correct'' in this scenario, but X.BAK will me be missing ACLs... which may turn out to be A Bad Thing. Try a trivial test to see if this is what is happening... Feel free to send me logs and questions. --dave c-b [ps: in a previous life as DRBrown.TSDC@HI-Multics.ARPA, I had to learn ACLS. Ugh! I found Mandatory Access easier to understand. Oh well, I now know enough to be dangerous (:-)] -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | davecb@hobbes.ss.org, canada.sun.com M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
Rats! Looks like an insect (:-)) --dave -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | davecb@hobbes.ss.org, canada.sun.com M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb