FW: Speed comp. TNG & 2.2.alpha (fwd)
F.W.J.Wiegerinck
f.w.j.wiegerinck at student.utwente.nl
Tue Feb 27 23:10:42 GMT 2001
Andrew Bartlett wrote:
> Peter Samuelson wrote:
> >
> > [Andrew Bartlett]
> > > Well if the case of private groups could be simply excluded (they
> > > exist only to make unix admin easier, they don't benefit NT), and
> > > system groups excluded, this problem would just 'go away' in the vast
> > > majority of installations.
> >
> > So when a file belongs to one of these excluded groups, and NT asks for
> > the security descriptor, what do you tell it -- "no group"?
> >
> > Peter
>
> I don't know the internals of NT as well as I should, but I didn't think
> that files under NT needed to be owned by both a group and a user, ie a
> file can be owned by just a user.
>
> If this is the case, then samba should just not mention the private
> group involved, and simply say the file is owned by the user. If
> somebody is playing games, and files are owned by a different
> user/private group combination (ie not matching), then we have a problem
> - but that shouldn't occur in the natural course of things, and would
> require root permissions to set up anyway.

If we just look at the requirements for users and/or groups on the
Windows and Unix platforms, we can determine (correct me if I am wrong):

Unix:
- each user has one or more groups
- each group has zero or more users

Windows:
- each user has zero or more groups
- each group has zero or more users

Conclusion:
* Converting Unix groups to Windows groups will never be a problem.
  Windows groups have the same restrictions as Unix groups for the
  group-to-user relation.
* Converting Windows groups to Unix groups will never be a problem.
  Unix groups have the same restrictions as Windows groups for the
  group-to-user relation.
* Converting Unix users to Windows users will never be a problem.
  A 1-to-many relation can always be inserted into a 0-to-many relation.
* Converting Windows users can be a problem.
  A 0-to-many relation can't be inserted automatically into a 1-to-many
  relation.

This problem (a 0-to-many relation converting to a 1-to-many relation) can
be solved by always inserting a relation into the 0-to-many relation. If "n"
is the number of groups before converting, then it can be expressed like:
n(start) = 0..m; when we adapt this relation by inserting 1 relation we can
express it like:

n(adapted) = n(start) + 1 = (0..m)+1 = 1..(m+1) = 1..m

When we have adapted the relation it won't be a problem any more.

But how can we adapt the relation? There will be enough ways to do this.
Here are 2 examples:
* Each user has his own group with the same name. Problems will occur if
  another user uses that group too. If a group has the same name as its
  user, it will not be passed through to the Windows system.
* Each user has his "dummy" group. For example, this group could have the
  name "nobody". This could be specified in the config file. This group
  name will not be passed through to the Windows system.

Both solutions require a filter for all relations to adjust any information
to the specs.

Sorry for my poor English and the way of expression.

Frank Wiegerinck
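
The filter proposed in this message, as an added Python sketch that is not part of the original post and not Samba code. All function names, the `members` table, and the rule that a private group is hidden only while its user is the sole member are assumptions made for illustration.

```python
# Added illustration; names and sample accounts are constructed, not Samba code.
DUMMY_GROUP = "nobody"  # assumed config-file value, as in the second proposal


def is_hidden(group, user, members):
    """True if `group` exists only to satisfy Unix and should not reach Windows."""
    if group == DUMMY_GROUP:
        return True
    # Private group: same name as the user. Hide it only while the user is
    # its sole member; once another user shares it, it carries real access
    # and suppressing it would misreport who can reach the file.
    return group == user and members.get(group, {user}) <= {user}


def unix_to_windows(user, unix_groups, members):
    """1..m Unix groups -> 0..m Windows groups (filter the placeholder ones)."""
    return [g for g in unix_groups if not is_hidden(g, user, members)]


def windows_to_unix(user, win_groups, private=False):
    """0..m Windows groups -> 1..(m+1) Unix groups (always insert one)."""
    inserted = user if private else DUMMY_GROUP
    return [inserted] + [g for g in win_groups if g != inserted]


def file_owner_for_windows(owner, group, members):
    """(owner, group) reported to the client; group is None when hidden.

    A file whose group is some *other* user's private group (the mismatched
    combination raised earlier in the thread) is not hidden, so it stays visible.
    """
    return owner, (None if is_hidden(group, owner, members) else group)
```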