On Tue, Dec 06, 2011 at 02:16:34AM +0800, David Roid wrote:
> Hi Jeremy,
>
> I can understand the limit of acl_xattr because every specific file system may
> impose a limit on number of extended attributes. But now that with acl_tdb ACLs
> are stored in tdb file, should not there be nothing to do with file system?

The acl_tdb module layers a storage of the pristine Windows ACL into a tdb, but in order for the underlying file system permissions to accurately reflect those Windows permissions we still have to map the Windows ACL onto the underlying file system ACL. If we didn't do this, NFS access or local process access would completely ignore the Windows permissions (which is not what most people want).

We could extend the acl_tdb and acl_xattr modules so that they never consider the underlying file system permissions, but that would completely divorce the Windows permissions from the local filesystem permissions. We don't do that yet (it would need some additional coding) as no one has ever demanded that as a feature. It would only work for a Windows-only (CIFS/SMB/SMB2-only) fileserver with no NFS or local access allowed.

Jeremy.