Web lists-archives.com

Re: [Samba] Skip ACL checks




On Mon, Mar 20, 2017 at 10:57:02AM +0100, Christoph Kleineweber wrote:
> On Fri, Mar 17, 2017 at 1:54 PM, Volker Lendecke <vl@xxxxxxxxx> wrote:
> 
> > On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote:
> > > I am wondering if there is a way to bypass Samba's ACL checks and
> > delegate
> > > access control completely to the underlying file system.
> > >
> > > My problem arises from the following scenario: Our file system implements
> > > ACLs that are to the best of my knowledge currently not readable by any
> > of
> > > the existing VFS modules. When trying to access a file with an ACL going
> > > beyond the file's POSIX mode, access is denied by Samba. I guess this is
> > > caused by an mechanism to derive an NT ACL from the mode. Is there any
> > > possibility to skip Samba's permission checks?
> >
> > Not really anymore. What you could do is provide a vfs module that
> > returns a "Everyone is allowed everything" ACL in the get_nt_acl call.
> > It would of course be much better to get a proper mapping. What do
> > your ACLs look like?
> >
> 
> Thanks for clarifying. We use NFSv4 compliant ACLs that can be accessed via
> the nfs4-acl-tools.

So the only supported way to retrieve ACLs is by running a separate
executable?

With best regards,

Volker Lendecke

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba