First page Back Continue Last page Overview Graphics
Mapping Windows ACLs to POSIX
This cannot be a complete mapping as POSIX ACLs contain a subset of Windows permissions.
Extract the 'owner' and 'group' SIDs and map them to POSIX.
Ensure the Windows ACL is in a 'canonical' format (DENY entries must come first).
- Unpack the incoming ACL into two lists, one for the file ACL, one for the default ACL. The default ACL list will be empty for an ordinary file.
- Deal with Windows rewriting rules.
- Merge entries so that each SID can only appear once in each list – OR allow permissions AND NOT deny permissions into the resulting entry permissions.