On Wed, 19 Mar 2003, Ken Cross wrote: > Richard: > > By all means, leave them not trusting the file system. ;-) > > Seriously, we have a similar situation, where we have almost-Windows > ACLs. It's a continuing problem. > > However, we've found it best to do whatever is appropriate to avoid > alarming the user. Typically, this means silently doing the > next-best-thing, whatever that is. > > An example is setting Read Attributes, but disabling Read Extended > Attributes. We don't implement them both, so we set them both to > whatever the last request was.
Hmmm, that sounds like you have the bits in your ACLs, but do not implement the semantics associated with them? As far as I can see, Windows requires that you have WRITE_DATA, WRITE_ATTRIBUTES and WRITE_EXTENTED_ATTRIBUTES to allow you to write to a file. This seems surprising, but not unexpected given that NTFS implements file data as the unnamed $DATA attribute :-) > It ain't perfect, but it's an approximation anyhow. Regards ----- Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com