Security Identifier (SID) to User Identifier (uid) Resolution System
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 5 01:46:51 GMT 2000
On Tue, 4 Jan 2000, Steve Langasek wrote:
> On Wed, 5 Jan 2000, Luke Kenneth Casson Leighton wrote:
>
> > > Well, I said what I did under the assumption that there would be no
> > > mapping from -2 back to any SID (i.e. the mapping function would fail).
>
> > the mapping from SID to unknown uid MUST fail. the mapping from uid to
> > unknown SID MUST fail.
>
> Wouldn't this be a cosmetic issue? If the driver only allows access to the
> resource if it can successfully map a uid/gid to an SID, and it's explicit
> that the 'nobody' uid will *not* map to an SID, then it will only *appear*
> that user 'nobody' has read/write/whatever access. That, IMHO, is a lot
> better than returning -1 from stat() and having to invent a new errno for the
> occasion. Returning a uid that no one on the system is supposed to be
> using should be relatively harmless, as long as it doesn't mean that POSIX uid
> isn't *really* granted illegitimate access to the file.
hum, don't know exactly what's going on, here. like i keep mentioning,
i'm not a unix expert.

as long as you're not telling me that you want to use nobody(-2) as an NT
user, i think that's ok, but i don't quite get why.

... how does not mapping to a uid make a user "appear" to have rwx/
access? what kind of access? and are you referring to "user "appearing""
as an nt user or a unix user?