[KLUG Members] Mapping Windows ACLs to UNIX ACLs -- WAS: Defrag'ing ext3 filesystems?

Bryan J. Smith members@kalamazoolinux.org
14 Nov 2002 00:01:16 -0500


On Wed, 2002-11-13 at 22:06, Jim C wrote:
> In regards to permissions the implication was that NTFS permissions
> wouldn't map to Unix permissions or that they could not be changed
> through Samba for some reason.

You _can_ map Windows ACLs into UNIX ACLs in Samba 2.2.  The POSIX/SUS
standards define Access Control Lists (ACLs) for UNIX.

Currently, there are only two Linux filesystems that support them:

  - SGI XFS -- inherent POSIX ACL support,
               but XFS itself is not in stock 2.4 kernel

  - Ext2/Ext3 -- in stock kernel,
                 but requires patches for POSIX ACL support

The 2.5 kernel development integrates both filesystems with full
ACL/EAs.  The ACL/EA standard interfaces were added to the Linux kernel
with 2.5.3.  Before that, SGI had their own implementation (which they
patched to the kernel as part of XFS and included utilities) and the
Ext2/3 team had theirs (patches and utilities).

Samba 2.2 supports ACLs via the XFS (on both Irix and Linux) and Ext2/3
interfaces.  It can even tie into a variety of directory services for
authorizing accounts against -- including native Windows servers (even
ActiveDirectory in 3.0 development, which is now in alpha-testing).

-- Bryan

The only "issues" one can run into are when dealing with "ownership"
changes that UNIX security does not allow.  E.g., in Windows, users can
"take ownership" and, in some cases, "change ownership" on the file
itself.  Since this is an operation _only_ "root" (or "wheel" group)
users can do, this will not be allowed from Windows clients to Samba
servers.

--
Bryan J. Smith, E.I.            Contact Info:  http://thebs.org
A+/i-Net+/Linux+/Network+/Server+ CCNA CIWA CNA SCSA/SCWSE/SCNA
---------------------------------------------------------------
The more government chooses for you, the less freedom you have.
