We are planning to replace a quite big domain running W2K with Samba ( at the very least, the DC ).
Though i'd love to have the extra security capabilities of W2K ( Kerberos ) as a DC, Samba/NT4 as PDC/BDC with ldapsam will more than suffice for now.
The show-stopper right now is this: we need to be able to assign "real" Full Control permissions: a user who has "Full control" on a directory should be able to Read, Write, eXecute ( of course) [ this can be easily achieved with ACLs ] *plus* being able to give away Full Control to other users too [ being able to override inherited ACLs would be a plus, too ]. Is this feasible (remember smbd runs as root... )? Has somebody though about implementing this ?
Seems like every implementation of ACL comes together with Extended Attributes support ( at least Ext2/ext3, XFS, ReiserFS ). Any exceptions ?
How about using one EA to map some Windows' attributes ? Full Control, Archive ( though it can be emulated through ctime/atime/mtime ), Change Only, come in a first pass over this.
I thought that maybe coding a wrapper around SecLib could achieve this. Being quite fluent in C/C++ both in Un*x as well as Win32 I don't mind coding whatever tool is needed to achieve this, provided it is indeed possible. If not, some suggestions/comments ( or even an approximate timeline for implementation! ) would be more than welcome.
Any comments on this??
Thanks in advance everybody. Keep the good work, Samba Team!
Kind regards, J.L.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
