Groups | Search | Server Info | Login | Register
| From | Volker Lendecke via samba <samba@lists.samba.org> |
|---|---|
| Newsgroups | linux.samba |
| Subject | Re: [Samba] Skip ACL checks |
| Date | 2017-03-20 15:00 +0100 |
| Message-ID | <tn60P-5sH-43@gated-at.bofh.it> (permalink) |
| References | <tlGL8-14c-13@gated-at.bofh.it> <tlZE5-6AQ-3@gated-at.bofh.it> <tn2gz-2R9-43@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
On Mon, Mar 20, 2017 at 10:57:02AM +0100, Christoph Kleineweber wrote: > On Fri, Mar 17, 2017 at 1:54 PM, Volker Lendecke <vl@samba.org> wrote: > > > On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote: > > > I am wondering if there is a way to bypass Samba's ACL checks and > > delegate > > > access control completely to the underlying file system. > > > > > > My problem arises from the following scenario: Our file system implements > > > ACLs that are to the best of my knowledge currently not readable by any > > of > > > the existing VFS modules. When trying to access a file with an ACL going > > > beyond the file's POSIX mode, access is denied by Samba. I guess this is > > > caused by an mechanism to derive an NT ACL from the mode. Is there any > > > possibility to skip Samba's permission checks? > > > > Not really anymore. What you could do is provide a vfs module that > > returns a "Everyone is allowed everything" ACL in the get_nt_acl call. > > It would of course be much better to get a proper mapping. What do > > your ACLs look like? > > > > Thanks for clarifying. We use NFSv4 compliant ACLs that can be accessed via > the nfs4-acl-tools. So the only supported way to retrieve ACLs is by running a separate executable? With best regards, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Back to linux.samba | Previous | Next — Previous in thread | Next in thread | Find similar
[Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-16 17:50 +0100
Re: [Samba] Skip ACL checks Volker Lendecke via samba <samba@lists.samba.org> - 2017-03-17 14:00 +0100
Re: [Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-20 11:00 +0100
Re: [Samba] Skip ACL checks Volker Lendecke via samba <samba@lists.samba.org> - 2017-03-20 15:00 +0100
Re: [Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-20 16:00 +0100
Re: [Samba] Skip ACL checks Andrew Bartlett via samba <samba@lists.samba.org> - 2017-03-20 21:20 +0100
Re: [Samba] Skip ACL checks Christoph Kleineweber via samba <samba@lists.samba.org> - 2017-03-21 16:30 +0100
csiph-web