TrustedBSD Supports Windows NT ACLs With Samba
Date: Tue, 24 Apr 2001 19:17:52 -0400
From: Chris Faulhaber <jedgar@fxp.org>
To: trustedbsd-discuss@TrustedBSD.org
Subject: Native ACL support for Samba
With the release of Samba 2.2.0, Samba offers ACL support to remote clients. I just committed the changes to the FreeBSD CVS tree required to allow Samba to access the FreeBSD ACLs. With an updated -current system and samba-devel port (define WITH_ACL_SUPPORT), Windows NT 4.0 and 2000 clients can now remotely manipulate ACLs. Testing and comments are appreciated.
In addition, the ACL utilities, getfacl and setfacl, have been updated to fully make use of the ACL editing library. They should compile on most ACL-enabled systems (tested on Linux + ACL patches) with little or no change.
I don't use them on my home machines, but I often wish I had - and that is with two users, both of whom know the root password.
When I did sysadmin type stuff I used them extensively.
NT ACLs are very useful since, if you run IIS, the file permissions map right through to the web server.
I agree, however, with a point raised by Butler Lampson several times: ACLs are a pain to manage; they should not apply to files. Instead, individual users should be allowed to define named access policies via an ACL and then apply the policy to the file.
What this would mean is that if you decide to kick Alice off the system you can revoke all her ACLs at one time, or if you decide to give her special privs you can do it all in one.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
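The named-policy idea in the comment above, sketched as an added example (not code from the thread, FreeBSD or Samba): a constructed in-memory model comparing how many ACL edits it takes to revoke one user when entries live on every file versus in one shared named policy. `Store`, `Policy`, the policy name and the paths are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    """A named access policy: principal -> set of rights (hypothetical model)."""
    name: str
    entries: dict = field(default_factory=dict)

class Store:
    """Each file carries either an inline ACL or a reference to a named policy."""
    def __init__(self):
        self.policies = {}    # policy name -> Policy
        self.inline_acl = {}  # path -> {principal: rights}
        self.bound = {}       # path -> policy name

    def define(self, name, entries):
        self.policies[name] = Policy(name, {u: set(r) for u, r in entries.items()})

    def bind(self, path, name):
        if name not in self.policies:
            raise KeyError(name)  # refuse to bind a file to an undefined policy
        self.bound[path] = name

    def set_inline(self, path, entries):
        self.inline_acl[path] = {u: set(r) for u, r in entries.items()}

    def allowed(self, user, path, right):
        if path in self.bound:
            acl = self.policies[self.bound[path]].entries
        else:
            acl = self.inline_acl.get(path, {})
        return right in acl.get(user, set())  # default deny

    def revoke_inline(self, user):
        """Per-file model: every ACL must be visited; returns ACLs edited."""
        return sum(1 for acl in self.inline_acl.values()
                   if acl.pop(user, None) is not None)

    def revoke_policies(self, user):
        """Policy model: one edit per policy, however many files reference it."""
        return sum(1 for p in self.policies.values()
                   if p.entries.pop(user, None) is not None)

def demo(n_files=100):
    s = Store()
    s.define("project-x", {"alice": "rw", "bob": "r"})  # constructed sample data
    for i in range(n_files):
        s.set_inline(f"/old/{i}", {"alice": "rw", "bob": "r"})
        s.bind(f"/new/{i}", "project-x")
    edits = (s.revoke_inline("alice"), s.revoke_policies("alice"))
    still = any(s.allowed("alice", f"/{d}/{i}", "r")
                for d in ("old", "new") for i in range(n_files))
    return edits, still, s.allowed("bob", "/new/0", "r")
```

`demo()` reports the edit counts for both models, whether alice retains any access afterwards, and whether bob's access through the shared policy is unaffected.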