Skip to content
Commit f3c12f12 authored by Harald Sitter's avatar Harald Sitter 🐧
Browse files

fix up ACE ordering 

the order of entries within the ACL have meaning as samba aborts
permission lookup on matching denials but combines read and full access.
since our ACL table mimics windows' we'll follow its behavior as it's
also fairly easy to explain

"a denial always denies, no matter what other rules exist"

to that end we'll now sort the ACL to first list denials, then reads,
then full access

- if foo is denied they'll not be let in
- if bar is read they get let in
- if Everyone is denied nobody gets in

should we later add group support this further becomes

- if groupFoo is denied and bar is a member of it then bar is denied
- if groupBar is read and foo is a member of it then foo is still denied
- if groupFoo is fullacces and bar is a member they'll get fullaccess

CCBUG: 422554
FIXED-IN: 20.12
parent 3bfb749e
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment