Security Identifier (SID) to User Identifier (uid) Resolution System

Luke Kenneth Casson Leighton lkcl at
Tue Jan 4 18:24:57 GMT 2000

> > > > accepts SIDs in ACL set requests. It currently doesn't accepts a
> > > > non-local SID  in an ACL set request, and I don't think it should.
> > > 
> > > i know you don't.  means samba will never be fully nt-domain
> > > interoperable.
> > 
> > Well, in order for Samba to store a non-local SID in an
> > ACL set it must have some way to store it in the filesystem.
> > 
> > POSIX doesn't allow this.
> > 
> 	You find or allocate a local "POSIX identity" to use in the ACL, and
> note (somewhere) its equivalent SID.  Granted, that doesn't help you much if
> you're pulling disks and sticking them in machines with different account
> databases, but that's a problem under POSIX anyway.

AGH!  mr cole, what the heck did you have to bring _that_ up for???? :-)
ok. well, if you took the SURS table with you on the disk, you could get
away with the uid->SID representation on another POSIX system.

agreed, the uids would be totally meaningless on the other POSIX system,
but at least the SIDs would be consistent, as represented from that disk,
through the SURS table.

More information about the samba-technical mailing list