Skip ACL checks

Samba - General mailing list
> > > > I am wondering if there is a way to bypass Samba's ACL checks
> > > > and delegate access control completely to the underlying file
> > > > system.
> > > >
> > > > My problem arises from the following scenario: Our file system
> > > > implements ACLs that are to the best of my knowledge currently
> > > > not readable by any of the existing VFS modules. When trying to
> > > > access a file with an ACL going beyond the file's POSIX mode,
> > > > access is denied by Samba. I guess this is caused by a mechanism
> > > > to derive an NT ACL from the mode. Is there any possibility to
> > > > skip Samba's permission checks?
> > >
> > > Not really anymore. What you could do is provide a vfs module that
> > > returns an "Everyone is allowed everything" ACL in the get_nt_acl
> > > call. It would of course be much better to get a proper mapping.
> > > What do your ACLs look like?
> >
> > Thanks for clarifying. We use NFSv4 compliant ACLs that can be
> > accessed via the nfs4-acl-tools.
>
> So the only supported way to retrieve ACLs is by running a separate
> executable?


The nfs4-acl-tools also make use of xattrs to access ACLs. The ACL itself
is XDR encoded, so access could be done directly by a VFS module and does
not require the executable.

Christoph


--
Quobyte GmbH, Berlin, AG Charlottenburg HRB 149012 B, Jan Stender, Felix
Hupfeld, Bjoern Kolbeck
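
The XDR decoding a VFS module would need before it could map such an ACL properly, as an added example that is not part of the original message and is not Samba or Quobyte code. It assumes the layout nfs4-acl-tools reads from the Linux `system.nfs4_acl` xattr (an ACE count, then type, flag, access mask and a padded "who" string per ACE); the thread does not state the layout this file system uses, and `nfs4_acl_decode`, `struct nfs4_ace` and the sample bytes are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* One decoded ACE: the nfsace4 fields of RFC 7530 (type, flag, access_mask, who). */
struct nfs4_ace { uint32_t type, flag, access_mask; char who[128]; };

/* Constructed sample xattr value: two ALLOW ACEs, for OWNER@ and EVERYONE@. */
const uint8_t sample_acl[] = {
    0,0,0,2,
    0,0,0,0, 0,0,0,0, 0x00,0x1F,0x01,0xFF, 0,0,0,6, 'O','W','N','E','R','@',0,0,
    0,0,0,0, 0,0,0,0, 0x00,0x12,0x00,0x81, 0,0,0,9, 'E','V','E','R','Y','O','N','E','@',0,0,0,
};

/* Read one big-endian XDR uint32 at *off; -1 if the buffer is too short. */
static int xdr_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *out)
{
    if (len - *off < 4) return -1;            /* callers keep *off <= len */
    *out = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
           (uint32_t)b[*off + 2] << 8 | b[*off + 3];
    *off += 4;
    return 0;
}

/* Decode into aces[0..max); returns the ACE count, or -1 on malformed input.
 * A caller should treat -1 as "deny", never as "no ACL present". */
int nfs4_acl_decode(const uint8_t *b, size_t len, struct nfs4_ace *aces, uint32_t max)
{
    size_t off = 0, padded;
    uint32_t n, wholen;
    if (xdr_u32(b, len, &off, &n) || n > max) return -1;
    for (uint32_t i = 0; i < n; i++) {
        struct nfs4_ace *a = &aces[i];
        if (xdr_u32(b, len, &off, &a->type) || xdr_u32(b, len, &off, &a->flag) ||
            xdr_u32(b, len, &off, &a->access_mask) || xdr_u32(b, len, &off, &wholen))
            return -1;
        if (wholen >= sizeof a->who) return -1;    /* also bounds the padding math */
        padded = (wholen + 3u) & ~(size_t)3;       /* XDR pads opaque data to 4 bytes */
        if (padded > len - off) return -1;         /* length field points past the buffer */
        if (memchr(b + off, 0, wholen)) return -1; /* embedded NUL would truncate the principal */
        memcpy(a->who, b + off, wholen);
        a->who[wholen] = '\0';
        off += padded;
    }
    return off == len ? (int)n : -1;               /* reject trailing bytes */
}
```
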