diff options
author | Pali Rohár <pali@kernel.org> | 2024-10-14 13:51:21 +0200 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2025-04-01 01:54:17 -0500 |
commit | bf782ada459efde8fe9a488cf30a40d32caf787f (patch) | |
tree | ad6ab3d1758a137ce7f008f0332a569564d0160d /rust/kernel/processor.rs | |
parent | 764da2fff399756d09b02db7fa7bd05e57928cc0 (diff) |
cifs: Add a new xattr system.smb3_ntsd_sacl for getting or setting SACLs
Access to SACL part of SMB security descriptor is granted by SACL privilege
which by default is accessible only for local administrator. But it can be
granted to any other user by local GPO or AD. SACL access is not granted by
DACL permissions and therefore is it possible that some user would not have
access to DACLs of some file, but would have access to SACLs of all files.
So it means that for accessing SACLs (either getting or setting) in some
cases requires not touching or asking for DACLs.
Currently Linux SMB client does not allow to get or set SACLs without
touching DACLs. Which means that user without DACL access is not able to
get or set SACLs even if it has access to SACLs.
Fix this problem by introducing a new xattr "system.smb3_ntsd_sacl" for
accessing only SACLs part of the security descriptor (therefore without
DACLs and OWNER/GROUP).
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'rust/kernel/processor.rs')
0 files changed, 0 insertions, 0 deletions