Re: [Samba] Re: Full wNT/w2K ACL conformance
On 18 Jun 2003 at 15:39, Dragan Krnic wrote: > >>The show-stopper right now is this: we need to be > >>able to assign "real" Full Control permissions: a > >>user who has "Full control" on a directory should > >>be able to Read, Write, eXecute ( of course) [ this > >>can be easily achieved with ACLs ] *plus* being > >>able to give away Full Control to other users too > >>[being able to override inherited ACLs would be a > >>plus, too]. Is this feasible (remember smbd runs as > >>root... )? Has somebody thought about implementing > >>this ? > > If you have Full Control over a directory (e.g. as > root, or own it or have rwx on it), you can give FC > (rwx) to others. Is it perhaps the other way around, > that you want to stop this delegation, unless an FC > EA explicitely allows it? I'm not sure if it can be > a show-stopper or if it really makes a difference. In our case, the only users who require "Full Control" access are admins, so we use "admin users = @domain/domain admins". Not ideal, but it gives us the NT equivalence we require, and has allowed us to migrate a large portion of our file storage to Samba. We find the option "nt acl support = no" to be a nice feature that is not available on NT. It prevents our students from messing with ACLs (for their own files) which had been a problem on NT. We provide a second admin access only share which provides ACL support for admins. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] "Friends don't let friends use Outlook." -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Full wNT/w2K ACL conformance
"Never attribute to malice that which can adequately be explained by stupidity." Or in this case, an attempt at compatibility for users who had come from the DEC minicomputer world. DOS 1.0 took a lot of it's command line conventions from CP/M, which got them from the old DEC stuff. RT-11, OS-8, etc. UNIX wasn't really on anyone's radar screen at that point, at least not for PC's. There's no logic here, just however someone felt like doing it. No "usability studies", and design-by-committee in those days. Can you imagine a review committee letting someone get away with "ls", "cat", and "grep" these days? DIR and TYPE at least made some sense, even if "PIP" didn't. :) > -Original Message- > From: Dragan Krnic [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 12:26 PM > To: Michael MacIsaac > Cc: [EMAIL PROTECTED] > Subject: [Samba] Re: Full wNT/w2K ACL conformance > > > >UH-OH! Maybe it's IBM's fault: > > > >Those OS's used forward slash as the "option" > >indicator on command line utilities. In their > >earliest form, neither had hierarchical directories, > >so there was no conflict. When UNIX-style paths > >appeared in DOS 2.0, to avoid breaking compatibility > >with existing BAT files (and confusing users), IBM > >(or whoever) used the backslash for the path > >separator. > > Here we go again: why slash and not dash? Seattle > Computers had global ulterior designs for sure {:-) > > Thanks. > > > > Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! > http://login.mail.lycos.com/r/referral?aid=27005 > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Full wNT/w2K ACL conformance
I suspect the backslash thing actually ties back to DOS 1.0 and even CP/M, which had user-interface roots in the old DEC operating systems. Those OS's used forward slash as the "option" indicator on command line utilities. In their earliest form, neither had hierarchical directories, so there was no conflict. When UNIX-style paths appeared in DOS 2.0, to avoid breaking compatibility with existing BAT files (and confusing users), IBM (or whoever) used the backslash for the path separator. > -Original Message- > From: Dragan Krnic [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 11:05 AM > To: Michael MacIsaac > Cc: [EMAIL PROTECTED] > Subject: Re: [Samba] Re: Full wNT/w2K ACL conformance > > > >> consider the backslash. Was there any need for it, > >> given that Unix slash was in existence for decades > >> when DOS came around? No, just like much of so > >> called ACLs, it is a way to lock the installed base > >> away from recognized standards to proprietary > >> captivity. > > > >In July 1981, Microsoft bought all rights to DOS from > >Seattle Computer. I doubt Seattle Computer had any > >intention of locking in the installed base with > >backslashes. > > Thanks for the correction. But was backslash used > as path separator in ur-DOS? Just curious. > > > > Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! > http://login.mail.lycos.com/r/referral?aid=27005 > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Full wNT/w2K ACL conformance
>> consider the backslash. Was there any need for it, >> given that Unix slash was in existence for decades >> when DOS came around? No, just like much of so >> called ACLs, it is a way to lock the installed base >> away from recognized standards to proprietary >> captivity. > >In July 1981, Microsoft bought all rights to DOS from >Seattle Computer. I doubt Seattle Computer had any >intention of locking in the installed base with >backslashes. Thanks for the correction. But was backslash used as path separator in ur-DOS? Just curious. Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba