Security Identifier (SID) to User Identifier (uid) Resolution
vorlon at netexpress.net
Wed Jan 5 01:38:12 GMT 2000
On Wed, 5 Jan 2000, Luke Kenneth Casson Leighton wrote:
> > Well, I said what I did under the assumption that there would be no
> > mapping from -2 back to any SID (i.e. the mapping function would fail).
> the mapping from SID to unknowwn uid MUST fail. the mapping from uid to
> unknown SID MUST fail.
Wouldn't this be a cosmetic issue? If the driver only allows access to the
resource if it can successfully map a uid/gid to an SID, and it's explicit
that the 'nobody' uid will *not* map to an SID, then it will only *appear*
that user 'nobody' has read/write/whatever access. That, IMHO, is a lot
better than returning -1 from stat() and having to invent a new errno for the
occasion. Returning a uid that no one on the system is supposed to be
using should be relatively harmless, as long as it doesn't mean that POSIX uid
isn't *really* granted illegitimate access to the file.
More information about the samba-technical