Hi I have implemented two-way mappings between NTFS ACLs and Posix ACLs. They may be useful in complex situations which do not fit into the basic Linux permission model where special rights to access a file can only be defined for a single user and a single group. If Posix ACLs are configured in your distribution, they can be defined and checked through getfacl(1) and setfacl(1).
The Posix ACL model is quite different NTFS ACL model and approximations have to be made when mapping a model onto the other. As for the basic ownership and protection version for ntfs-3g, I took the option of sticking to compliance to Posix when I ran into some conflict with the interpretation by Windows of an NTFS ACL. As an example, "chmod 646 file" does as expected on Linux, denying updating of file only to members of group apart from the owner. Windows does the same, but the Windows GUI for setting the ACL does not accept the generated ACL and changes the order of rules, with the consequence that updating is also denied to owner of file. A similar conflict occurs for files owned by root, because root has to have full access to file, irrespective of the "rwx" flags setting for owner and group. However the following properties hold : - ACLs set by a Windows tool are interpreted by Linux correctly provided the adequate user mappings have been defined. Of course they are also interpreted correctly by Windows. - ACLs set by a Linux application are interpreted by Windows correctly. They are also interpreted by Linux correctly, which means that any ACL set by Linux translates to an NTFS ACL and back to the exact original Posix ACL. But an ACL set by Windows and modified by Linux may change the original ACL significantly as the Posix model is poorer. Similarly an ACL defined by Linux is modified by the Windows tool : it changes the order and merges ACEs applied to the same user or group. It is therefore strongly recommended to always use the same OS for setting the ACLs, and to be aware you wont get standard rights on the other OS. The Posix ACL to NTFS ACL mappings are available as an experimental patch to the permission and ownership version of ntfs-3g : http://pagesperso-orange.fr/b.andre/ntfs-3g-1.2412SR.2.tgz References What could have been IEEE 1003.1e/2c : http://wt.tuxomania.net/publications/posix.1e/download.html POSIX Access Control Lists on Linux by Andreas Grünbacher : http://www.suse.de/~agruen/acl/linux-acls/online Mapping Between NFSv4 and Posix Draft ACLs by Marius Aamodt Eriksen : http://tools.ietf.org/id/draft-ietf-nfsv4-acl-mapping-03.txt Regards Jean-Pierre ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ ntfs-3g-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
