Groups | Search | Server Info | Login | Register
| From | Christoph Kleineweber via samba <samba@lists.samba.org> |
|---|---|
| Newsgroups | linux.samba |
| Subject | Re: [Samba] Skip ACL checks |
| Date | 2017-03-20 11:00 +0100 |
| Message-ID | <tn2gz-2R9-43@gated-at.bofh.it> (permalink) |
| References | <tlGL8-14c-13@gated-at.bofh.it> <tlZE5-6AQ-3@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
On Fri, Mar 17, 2017 at 1:54 PM, Volker Lendecke <vl@samba.org> wrote: > On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote: > > I am wondering if there is a way to bypass Samba's ACL checks and > delegate > > access control completely to the underlying file system. > > > > My problem arises from the following scenario: Our file system implements > > ACLs that are to the best of my knowledge currently not readable by any > of > > the existing VFS modules. When trying to access a file with an ACL going > > beyond the file's POSIX mode, access is denied by Samba. I guess this is > > caused by an mechanism to derive an NT ACL from the mode. Is there any > > possibility to skip Samba's permission checks? > > Not really anymore. What you could do is provide a vfs module that > returns a "Everyone is allowed everything" ACL in the get_nt_acl call. > It would of course be much better to get a proper mapping. What do > your ACLs look like? > Thanks for clarifying. We use NFSv4 compliant ACLs that can be accessed via the nfs4-acl-tools. I found the existing NFSv4 ACL VFS module in Samba (nfs4acl_xattr), which seems to be build on a different implementation. The referenced website ( http://www.suse.de/~agruen/nfs4acl/) does not exist anymore and the xattr to access ACLs is different (system.nfs4acl for nfs4acl_xattr and system.nfs4_acl for nfs4-acl-tools). Is this a known issue? Kind regards, Christoph -- Quobyte GmbH, Berlin, AG Charlottenburg HRB 149012 B, Jan Stender, Felix Hupfeld, Bjoern Kolbeck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Back to linux.samba | Previous | Next — Previous in thread | Next in thread | Find similar
[Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-16 17:50 +0100
Re: [Samba] Skip ACL checks Volker Lendecke via samba <samba@lists.samba.org> - 2017-03-17 14:00 +0100
Re: [Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-20 11:00 +0100
Re: [Samba] Skip ACL checks Volker Lendecke via samba <samba@lists.samba.org> - 2017-03-20 15:00 +0100
Re: [Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-20 16:00 +0100
Re: [Samba] Skip ACL checks Andrew Bartlett via samba <samba@lists.samba.org> - 2017-03-20 21:20 +0100
Re: [Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-21 16:30 +0100
csiph-web