Hi Jean-Pierre,

Marvellous! Congratulations! :))

I have only two questions for now:

 1. How well can tar's --acl option cope this way with the Windows ACLs
    (backup/restore)?

 2. Is there some ACL test suite(s) we could use for validation and 
    regression testing?

Thank you a lot :)

        Szaka

On Wed, 23 Apr 2008, Jean-Pierre ANDRE wrote:

> Hi
> 
> I have implemented two-way mappings between NTFS ACLs and Posix ACLs. They
> may be useful in complex situations which do not fit into the basic Linux
> permission model where special rights to access a file can only be defined
> for a single user and a single group. If Posix ACLs are configured in your
> distribution, they can be defined and checked through getfacl(1) and
> setfacl(1).
> 
> The Posix ACL model is quite different from the NTFS ACL model and approximations have
> to be made when mapping one model onto the other. As for the basic ownership
> and protection version for ntfs-3g, I took the option of sticking to
> compliance to Posix when I ran into some conflict with the interpretation by
> Windows of an NTFS ACL.
> 
> As an example, "chmod 646 file" does as expected on Linux, denying updating
> of file only to members of group apart from the owner. Windows does the
> same, but the Windows GUI for setting the ACL does not accept the generated
> ACL and changes the order of rules, with the consequence that updating is also
> denied to owner of file.
> 
> A similar conflict occurs for files owned by root, because root has to have
> full access to file, irrespective of the "rwx" flags setting for owner and
> group.
> 
> However the following properties hold :
> 
> - ACLs set by a Windows tool are interpreted by Linux correctly provided the
> adequate user mappings have been defined. Of course they are also interpreted
> correctly by Windows.
> 
> - ACLs set by a Linux application are interpreted by Windows correctly. They
> are also interpreted by Linux correctly, which means that any ACL set by
> Linux translates to an NTFS ACL and back to the exact original Posix ACL.
> 
> But an ACL set by Windows and modified by Linux may change the original ACL
> significantly as the Posix model is poorer. Similarly an ACL defined by Linux
> is modified by the Windows tool : it changes the order and merges ACEs
> applied to the same user or group.
> 
> It is therefore strongly recommended to always use the same OS for setting
> the ACLs, and to be aware you won't get standard rights on the other OS.
> 
> The Posix ACL to NTFS ACL mappings are available as an experimental patch to
> the permission and ownership version of ntfs-3g :
> http://pagesperso-orange.fr/b.andre/ntfs-3g-1.2412SR.2.tgz
> 
> References
> 
> What could have been IEEE 1003.1e/2c :
> http://wt.tuxomania.net/publications/posix.1e/download.html
> 
> POSIX Access Control Lists on Linux by Andreas Grünbacher :
> http://www.suse.de/~agruen/acl/linux-acls/online
> 
> Mapping Between NFSv4 and Posix Draft ACLs by Marius Aamodt Eriksen :  
> http://tools.ietf.org/id/draft-ietf-nfsv4-acl-mapping-03.txt
> 
> 
> Regards
> 
> Jean-Pierre
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> ntfs-3g-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
> 

--
NTFS-3G:  http://ntfs-3g.org
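
The "chmod 646" ordering conflict described in the quoted message, as an added example that is not part of the original thread and is not ntfs-3g code. It assumes a simplified ordered-ACE model, a constructed four-rule ACL for mode 646, an owner who is also a member of the file's group, and a reordering that places deny rules ahead of allow rules; all names are hypothetical.

```c
#include <stdio.h>

enum { R = 4, W = 2 };                       /* rights bits, as in rwx modes */
enum { OWNER = 1, GROUP = 2, EVERYONE = 3 }; /* simplified principals (assumed) */
typedef struct { int deny, who, mask; } ace_t;

/* Constructed ACL for mode 646: the group is denied W explicitly, otherwise
 * its members would obtain W through the Everyone rule. */
static const ace_t MODE_646[4] = {
    {0, OWNER, R | W}, {1, GROUP, W}, {0, GROUP, R}, {0, EVERYONE, R | W}
};

static int matches(int who, int is_owner, int in_group) {
    return who == EVERYONE || (who == OWNER && is_owner)
                           || (who == GROUP && in_group);
}

/* Ordered evaluation: rules are walked first to last; a matching deny on a
 * right not yet granted refuses access, matching allows accumulate. */
int access_ok(const ace_t *acl, int n, int is_owner, int in_group, int want) {
    int granted = 0;
    for (int i = 0; i < n && (granted & want) != want; i++) {
        if (!matches(acl[i].who, is_owner, in_group)) continue;
        if (!acl[i].deny) granted |= acl[i].mask;
        else if (acl[i].mask & want & ~granted) return 0;
    }
    return (granted & want) == want;
}

/* Stable reorder that puts every deny rule ahead of every allow rule. */
void denies_first(const ace_t *in, int n, ace_t *out) {
    int k = 0;
    for (int deny = 1; deny >= 0; deny--)
        for (int i = 0; i < n; i++)
            if (in[i].deny == deny) out[k++] = in[i];
}

/* Can an owner who is also in the file's group write to the file? */
int owner_can_write(int reorder) {
    ace_t acl[4];
    if (reorder) denies_first(MODE_646, 4, acl);
    else for (int i = 0; i < 4; i++) acl[i] = MODE_646[i];
    return access_ok(acl, 4, 1, 1, W);
}

int main(void) {
    printf("owner write, generated order: %d\n", owner_can_write(0));
    printf("owner write, denies first:    %d\n", owner_can_write(1));
    return 0;
}
```

In the generated order the owner's allow rule is reached before the group deny; once the deny is moved to the front it matches the owner through group membership and write access is refused.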



