Security Identifier (SID) to User Identifier (uid) Resolution System

Steve Langasek vorlon at
Wed Jan 5 01:38:12 GMT 2000

On Wed, 5 Jan 2000, Luke Kenneth Casson Leighton wrote:

> > 	Well, I said what I did under the assumption that there would be no
> > mapping from -2 back to any SID (i.e. the mapping function would fail).

> the mapping from SID to unknowwn uid MUST fail.  the mapping from uid to
> unknown SID MUST fail.

Wouldn't this be a cosmetic issue?  If the driver only allows access to the
resource if it can successfully map a uid/gid to an SID, and it's explicit
that the 'nobody' uid will *not* map to an SID, then it will only *appear*
that user 'nobody' has read/write/whatever access.  That, IMHO, is a lot
better than returning -1 from stat() and having to invent a new errno for the
occasion.  Returning a uid that no one on the system is supposed to be
using should be relatively harmless, as long as it doesn't mean that POSIX uid
isn't *really* granted illegitimate access to the file.

-Steve Langasek
postmodern programmer

More information about the samba-technical mailing list