Got it, thanks for the clarification. 2011/12/6 Jeremy Allison <j...@samba.org>
> On Tue, Dec 06, 2011 at 02:16:34AM +0800, David Roid wrote: > > Hi Jeremy, > > > > I can understand the limit of acl_xattr because every specific file > system may > > impose a limit on number of extended attributes. But now that with > acl_tdb ACLs > > are stored in tdb file, should not there be nothing to do with file > system? > > The acl_tdb module layers a storage of the pristine Windows ACL > into a tdb, but in order for the underlying file system permissions > to accurately reflect those Windows permissions we still have > to map the Windows ACL onto the underlying file system ACL. > > If we didn't do this NFS access or local process access > would completely ignore the Windows permissions (which is > not what most people want). > > We could extend the acl_tdb and acl_xattr modules so > that they never consider the underlying file system permissions, > but that would completely divorce the Windows permissions > from the local filesystem permissions. We dont' do that > yet (it would need some additional coding) as no one has > ever demanded that as a feature. > > It would only work for a Windows-only (CIFS/SMB/SMB2-only) > fileserver with no NFS or local access allowed. > > Jeremy. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba