From: "H. Peter Anvin" <hpa@zytor.com>
To: tridge@samba.org
Cc: Michael B Allen <mba2000@ioplex.com>,
sfrench@samba.org, linux-ntfs-dev@lists.sourceforge.net,
samba-technical@lists.samba.org, aia21@cantab.net,
hirofumi@mail.parknet.co.jp,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: FAT, NTFS, CIFS and DOS attributes
Date: Mon, 03 Jan 2005 17:30:44 -0800 [thread overview]
Message-ID: <41D9F1C4.6000902@zytor.com> (raw)
In-Reply-To: <16857.61339.370059.16758@samba.org>
tridge@samba.org wrote:
> Mike,
>
> > If we're just thinking about MS-oriented discretionary access control then
> > I think the owner of the file is basically king and should be the only
> > normal user to that can read and write it's xattrs. So whatever namespace
> > that is (not system).
>
> for the DACL the owner is king (the owner gets the WRITE_DAC,
> READ_CONTROL and STD_DELETE access bits forced on), but for the other
> parts of the full security descriptor this is not true. The owner
> doesn't get to arbitrarily write to the owner_sid or SACL. Thats why I
> used security.NTACL not user.NTACL.
>
> I suppose we could have a separate user.DACL attribute, but given that
> there is just one API that sets all 4 elements of the SD (with a
> bitmask to say which bits to set), it made more sense to me to group
> them all together. The disadvantage is that Samba needs to gain/lose
> root privileges for the "set SD" call even if the client is only
> asking to set the DACL.
>
Even more so a reason for this not to be a general API.
-hpa
next prev parent reply other threads:[~2005-01-04 1:31 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-03 22:24 FAT, NTFS, CIFS and DOS attributes H. Peter Anvin
2005-01-03 23:26 ` Michael B Allen
2005-01-03 23:33 ` H. Peter Anvin
2005-01-03 23:48 ` Michael B Allen
2005-01-03 23:55 ` H. Peter Anvin
2005-01-04 0:18 ` tridge
2005-01-04 0:24 ` H. Peter Anvin
2005-01-04 0:39 ` tridge
2005-01-04 0:57 ` H. Peter Anvin
2005-01-04 1:12 ` tridge
2005-01-04 1:31 ` Nicholas Miell
2005-01-04 1:48 ` H. Peter Anvin
2005-01-04 2:05 ` Nicholas Miell
2005-01-04 22:24 ` [Linux-NTFS-Dev] " Szakacsits Szabolcs
2005-01-04 1:21 ` tridge
2005-01-04 1:30 ` H. Peter Anvin [this message]
2005-01-03 23:28 ` Nicholas Miell
2005-01-04 0:05 ` tridge
2005-01-04 0:30 ` H. Peter Anvin
2005-01-04 0:58 ` tridge
2005-01-04 1:14 ` H. Peter Anvin
2005-01-04 1:36 ` tridge
2005-01-04 1:50 ` H. Peter Anvin
2005-01-04 2:05 ` tridge
2005-01-04 2:09 ` H. Peter Anvin
2005-01-04 2:23 ` Kyle Moffett
2005-01-04 2:49 ` tridge
2005-01-04 3:39 ` Kyle Moffett
2005-01-04 3:56 ` tridge
2005-01-04 4:50 ` Kyle Moffett
2005-01-04 4:05 ` Michael B Allen
2005-01-04 10:34 ` Anton Altaparmakov
2005-01-04 11:08 ` Anton Altaparmakov
2005-01-04 22:18 ` Nicholas Miell
2005-01-04 23:04 ` Anton Altaparmakov
2005-01-05 0:48 ` Nicholas Miell
2005-01-05 1:12 ` Nicholas Miell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41D9F1C4.6000902@zytor.com \
--to=hpa@zytor.com \
--cc=aia21@cantab.net \
--cc=hirofumi@mail.parknet.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-ntfs-dev@lists.sourceforge.net \
--cc=mba2000@ioplex.com \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
--cc=tridge@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox