Copying files to SMB share with domain controller managing user accounts
- Subject: Copying files to SMB share with domain controller managing user accounts
- From: Dragan Milić <email@hidden>
- Date: Tue, 20 Sep 2016 21:01:42 +0200
I’m working on a file manager application and I’ve got some difficulties copying files to certain destinations. This is the basic setup revealing the problem:
1) There's a single file with 0644 POSIX permissions and no ACLs. Hence, the source permissions are as in the following picture (1):
http://www.zigz.ag/temp/smb_cpy1.png
2) The file is copied to an SMB share (Linux/Win/Disk Volume) without a domain controller using the POSIX-level copyfile() API. The POSIX permissions of the destination file are 0700, without any ACLs, as in the following picture (2):
http://www.zigz.ag/temp/smb_cpy2.png
3) The file is copied to an SMB share (Linux/Win/Disk Volume) without a domain controller using the deprecated File Manager FSCopyObjectAsync() API. The POSIX permissions of the destination file are 0700, without any ACLs, as in the previous picture (2).
So, everything seems okay so far. However, once the file is copied to an SMB (Windows) share with domain controller managing user accounts, the results are:
4) The file is copied to an SMB share (Win) with a domain controller using the POSIX-level copyfile() API. The POSIX permissions of the destination file are 0700, without any ACLs, as in the previous picture (2).
5) The file is copied to an SMB share (Win) with a domain controller using the deprecated File Manager FSCopyObjectAsync() API. The POSIX permissions of the destination file are 0700, BUT it also has some additional ACL entries, enabling group users to access the file, as in the following picture (3):
http://www.zigz.ag/temp/smb_cpy3.png
It’s clear that copying a file using the POSIX copyfile() API to an SMB share with a domain controller makes the copy inaccessible to anyone except the file owner. However, copying the same file to the same SMB share using the File Manager FSCopyObjectAsync() API, while still leaving the file inaccessible to anyone except the file owner at the POSIX level, adds appropriate ACL entries, which enable other users to access the file.
Just for reference, (Apple) Finder gives the same result as copying using the FSCopyObjectAsync() API, which leads me to the (possibly wrong) conclusion that Finder is still using that long-deprecated API (or a private derivative of it).
Since I want to stay away from deprecated APIs and use copyfile(), I wonder what additional “magic” is performed by FSCopyObjectAsync() (and Finder) in this particular case? How can I access the list of registered users on an SMB share so that I can add appropriate ACLs to copied files? Or does it (adding ACL entries) actually happen on the remote side, but I need to somehow “trigger” the share to do that? Is there any API available for all that?
** I apologise for screenshots in German, all tests were actually performed by a customer in Germany, as at the moment I don’t have access to any SMB with domain controller / active directory server.
Any help is much appreciated.
Thanks,
-- Dragan