Security Identifier (SID) to User Identifier (uid) Resolution
System
Luke Kenneth Casson Leighton
lkcl at samba.org
Fri Dec 24 18:47:26 GMT 1999
On Thu, 23 Dec 1999, Steve Langasek wrote:
> A little bit of feedback...
>
> On Fri, 24 Dec 1999, Luke Kenneth Casson Leighton wrote:
>
> > http://www.cb1.com/~lkcl/cifs/draft-lkcl-sidtouidmap-00.txt (and .html)
>
> Quoting the document:
>
> >Secondly, the SID S-1-1 represents the concept in the NT Security Model
> >of "Everyone", and should explicitly be mapped to the Unix "other" concept.
>
> If I understand correctly the NT idea of 'everyone', then this is not an exact
> mapping.
>
> In Unix, if a file (or directory) has permissions of rwx---r-x and is owned by
> user foo/group bar, then user foo has full access to the file, group bar has
> *NO* access to the file, and everyone else has read/execute permissions.
damn. does that _exclude_ the group bar from accessing the file?
that would be this, then:
foo is granted full control
bar is denied full control
Everyone is granred read and execute.
this is different from:
foo is granted full control
Everyone is granred read and execute.
is that a correct interpretation?
with NT secrurity descriptors, you can do that sort of thing (grant /
deny). the order _is_ important.
More information about the samba-technical
mailing list