Re: [PATCH] cifs: Allow to set extended attribute cifs_acl (repost)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 8, 2011 at 9:22 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> On Tue, 8 Mar 2011 09:17:48 -0600
> Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:
>
>> On Tue, Mar 8, 2011 at 8:32 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>> > On Mon,  7 Mar 2011 23:00:25 -0600
>> > shirishpargaonkar@xxxxxxxxx wrote:
>> >
>> >> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
>> >>
>> >>
>> >> Allow setting cifs_acl on the server.
>> >> Pass on to the server the ACL blob generated by an application.
>> >> cifs is just a pass-through, server decides whether to enforce/apply
>> >> the ACL blob composed by an application.
>> >>
>> >>
>> >> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
>> >
>> > Seems sane enough and is probably more useful than trying to map all of
>> > this to POSIX acl's and modes. I wonder though...if you do this, then
>> > the permissions and possibly ownership change. Do you need to
>>
>> owner/group will not change, only the ACL (DACL).
>>
>
> So I can't change group ownership on the file by modifying the DACL?
>
> Also, while I don't particularly like the cifsacl acl-to-mode mapping
> code, it still exists. If someone changes the ACL, don't you need to
> account for the possibility that the mode has also changed?
>
> --
> Jeff Layton <jlayton@xxxxxxxxxx>
>


I suppose any tool that avails this facility is expected to change the
ACL (DACL)
part of the security descriptor.
That is what cifs module assumes is being passed on.
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux