Web lists-archives.com

Re: [Samba] Skip ACL checks




On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote:
> I am wondering if there is a way to bypass Samba's ACL checks and delegate
> access control completely to the underlying file system.
> 
> My problem arises from the following scenario: Our file system implements
> ACLs that are to the best of my knowledge currently not readable by any of
> the existing VFS modules. When trying to access a file with an ACL going
> beyond the file's POSIX mode, access is denied by Samba. I guess this is
> caused by an mechanism to derive an NT ACL from the mode. Is there any
> possibility to skip Samba's permission checks?

Not really anymore. What you could do is provide a vfs module that
returns a "Everyone is allowed everything" ACL in the get_nt_acl call.
It would of course be much better to get a proper mapping. What do
your ACLs look like?

With best regards,

Volker Lendecke

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba