Security Identifier (SID) to User Identifier (uid) ResolutionSystem
Jeremy Allison
jeremy at valinux.com
Thu Dec 23 20:34:37 GMT 1999
Steve Langasek wrote:
>
>
> >Secondly, the SID S-1-1 represents the concept in the NT Security Model
> >of "Everyone", and should explicitly be mapped to the Unix "other" concept.
>
> If I understand correctly the NT idea of 'everyone', then this is not an exact
> mapping.
>
> In Unix, if a file (or directory) has permissions of rwx---r-x and is owned by
> user foo/group bar, then user foo has full access to the file, group bar has
> *NO* access to the file, and everyone else has read/execute permissions.
The current version of mapping UNIX perms to NT ACLs in Samba 2.0.x
reproduces these semantics correctly.
> When you say 'Everyone', do you literally mean that these permissions are
> available to anyone who tries to access the file, even if there is another
> ACE present which applies to them? Or is S-1-1 only looked at if no other
> ACE's match? If the first case is true, then the mapping becomes more
> complex.
Nope, the second case is true. NT ACLs are processed
in order, and Samba always returns them in the user/group/world
order.
Regards,
Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list