Re: acls and samba


From: Amon Ott <ao@rsbac.org>
Subject: Re: acls and samba
Date: Wed, 18 Apr 2001 14:44:27 +0200

Next Article (by Date): Re: New setreuid() and setresuid() logic Amon Ott
Previous Article (by Date): Re: Re[10]: RSBAC v1.1.1 problem Amon Ott
Top of Thread: acls and samba Stephen
Articles sorted by: [Date] [Author] [Subject]


On Mit, 18 Apr 2001 Stephen wrote:
> Hi I noticed that samba 2.2.0 relys on the acl kernel patches from
> http://acl.bestbits.at to work with "Unification of Windows 2000 and
> Windows NT Access control lists (ACLs) with UNIX Access control lists.
> Allow Windows clients to directly manipulate UNIX Access control entries
> as though they were Windows ACLs" (as well as present exisiting support
> for win9x already in samba 2.0.x)  
> I haven't yet looked at this project but it would cause me to be much more
> likely to use this instead of rsbac because of this. Wondering if anyone
> had any comments on this?

I also read about that feature, but never tested those patches. I don't think
it would be that difficult to also support RSBAC ACLs. All we would need is
someone looking into it...

A short glance through their pages shows some limitations:

- ACLs are for those filessystems only that support extended attributes, e.g.
ext2
- They only support files and dirs, no devices etc.
- ACLs are fully discretional: ACL manipulation can be done by the file owner
and processes with CAP_FOWNER, so there is no protection against root processes

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: New setreuid() and setresuid() logic Amon Ott
Previous Article (by Date): Re: Re[10]: RSBAC v1.1.1 problem Amon Ott
Top of Thread: acls and samba Stephen
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.