On Tue, Dec 06, 2011 at 09:57:26AM +0100, NdK wrote: > Il 05/12/2011 19:27, Jeremy Allison ha scritto: > > > If we didn't do this NFS access or local process access > > would completely ignore the Windows permissions (which is > > not what most people want). > Then why not drop completely TDB storage of permissions and rely on > filesystem alone? > Denormalization is (usually) bad...
Because, as has been pointed out before, mapping to the underlying filesystem permission is a *lossy* mapping (this is what we used to do). Most people using Windows don't want a lossy mapping, they want to see the exact Windows ACLs they set. The acl_xattr or acl_tdb method allows us to do this, with complete accuracy on evaluating the Windows ACLs, yet still have the underlying filesystem mapping as well. Sort of like eating, and having, your cake at the same time :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba