From: "H. Peter Anvin" <hpa@zytor.com>
To: tridge@samba.org
Cc: Michael B Allen <mba2000@ioplex.com>,
sfrench@samba.org, linux-ntfs-dev@lists.sourceforge.net,
samba-technical@lists.samba.org, aia21@cantab.net,
hirofumi@mail.parknet.co.jp,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: FAT, NTFS, CIFS and DOS attributes
Date: Mon, 03 Jan 2005 17:30:44 -0800 [thread overview]
Message-ID: <41D9F1C4.6000902@zytor.com> (raw)
In-Reply-To: <16857.61339.370059.16758@samba.org>
tridge@samba.org wrote:
> Mike,
>
> > If we're just thinking about MS-oriented discretionary access control then
> > I think the owner of the file is basically king and should be the only
> > normal user to that can read and write it's xattrs. So whatever namespace
> > that is (not system).
>
> for the DACL the owner is king (the owner gets the WRITE_DAC,
> READ_CONTROL and STD_DELETE access bits forced on), but for the other
> parts of the full security descriptor this is not true. The owner
> doesn't get to arbitrarily write to the owner_sid or SACL. Thats why I
> used security.NTACL not user.NTACL.
>
> I suppose we could have a separate user.DACL attribute, but given that
> there is just one API that sets all 4 elements of the SD (with a
> bitmask to say which bits to set), it made more sense to me to group
> them all together. The disadvantage is that Samba needs to gain/lose
> root privileges for the "set SD" call even if the client is only
> asking to set the DACL.
>
Even more so a reason for this not to be a general API.
-hpa
next prev parent reply other threads:[~2005-01-04 1:31 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-03 22:24 FAT, NTFS, CIFS and DOS attributes H. Peter Anvin
2005-01-03 23:26 ` Michael B Allen
2005-01-03 23:33 ` H. Peter Anvin
2005-01-03 23:48 ` Michael B Allen
2005-01-03 23:55 ` H. Peter Anvin
2005-01-04 0:18 ` tridge
2005-01-04 0:24 ` H. Peter Anvin
2005-01-04 0:39 ` tridge
2005-01-04 0:57 ` H. Peter Anvin
2005-01-04 1:12 ` tridge
2005-01-04 1:31 ` Nicholas Miell
2005-01-04 1:48 ` H. Peter Anvin
2005-01-04 2:05 ` Nicholas Miell
2005-01-04 22:24 ` [Linux-NTFS-Dev] " Szakacsits Szabolcs
2005-01-04 1:21 ` tridge
2005-01-04 1:30 ` H. Peter Anvin [this message]
2005-01-03 23:28 ` Nicholas Miell
2005-01-04 0:05 ` tridge
2005-01-04 0:30 ` H. Peter Anvin
2005-01-04 0:58 ` tridge
2005-01-04 1:14 ` H. Peter Anvin
2005-01-04 1:36 ` tridge
2005-01-04 1:50 ` H. Peter Anvin
2005-01-04 2:05 ` tridge
2005-01-04 2:09 ` H. Peter Anvin
2005-01-04 2:23 ` Kyle Moffett
2005-01-04 2:49 ` tridge
2005-01-04 3:39 ` Kyle Moffett
2005-01-04 3:56 ` tridge
2005-01-04 4:50 ` Kyle Moffett
2005-01-04 4:05 ` Michael B Allen
2005-01-04 10:34 ` Anton Altaparmakov
2005-01-04 11:08 ` Anton Altaparmakov
2005-01-04 22:18 ` Nicholas Miell
2005-01-04 23:04 ` Anton Altaparmakov
2005-01-05 0:48 ` Nicholas Miell
2005-01-05 1:12 ` Nicholas Miell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41D9F1C4.6000902@zytor.com \
--to=hpa@zytor.com \
--cc=aia21@cantab.net \
--cc=hirofumi@mail.parknet.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-ntfs-dev@lists.sourceforge.net \
--cc=mba2000@ioplex.com \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
--cc=tridge@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.