Security Identifier (SID) to User Identifier (uid) Resolution System

Steve Langasek vorlon at netexpress.net
Thu Dec 23 19:30:28 GMT 1999


A little bit of feedback...

On Fri, 24 Dec 1999, Luke Kenneth Casson Leighton wrote:

> http://www.cb1.com/~lkcl/cifs/draft-lkcl-sidtouidmap-00.txt (and .html)

Quoting the document:

>Secondly, the SID S-1-1 represents the concept in the NT Security Model
>of "Everyone", and should explicitly be mapped to the Unix "other" concept.

If I understand correctly the NT idea of 'everyone', then this is not an exact
mapping.

In Unix, if a file (or directory) has permissions of rwx---r-x and is owned by
user foo/group bar, then user foo has full access to the file, group bar has
*NO* access to the file, and everyone else has read/execute permissions.

When you say 'Everyone', do you literally mean that these permissions are
available to anyone who tries to access the file, even if there is another
ACE present which applies to them?  Or is S-1-1 only looked at if no other
ACE's match?  If the first case is true, then the mapping becomes more
complex.

-Steve Langasek
postmodern programmer



More information about the samba-technical mailing list