All files/dirs are 666 or 777. According to my reading, since there are no POSIX extended ACLs, if the VFS layer "passes" an access, then it only should be compared against the standard UGO permissions.

That's correct - but the problem isn't access, it's when the
incoming ACL is "set" onto the underlying filesystem. Most
ACLs can't be mapped onto ugw permissions.

As I said, you need a vfs_acl_null module that will drop
any set call, and will return Everyone:Full control on
read.

I am ignorant enough on these low-level matters. I "almost" understand your statement. But... consider the following:

- At the filesystem level ALL the permissions are 666 or 777
- The above are ONLY seen by the VFS layer, not by the client side
- The VFS module writes the real ACLs as extended attributes only (or some other method), always setting them as 666/777 at the filesystem level
- Clients only see the ACLs provided to them *by the VFS layer* and never directly from the filesystem

Wouldn't this provide any desired type of ACLs? What am I missing here?

Thank you