Security Identifier (SID) to User Identifier (uid) Resolution System

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Jan 5 01:46:51 GMT 2000


On Tue, 4 Jan 2000, Steve Langasek wrote:

> On Wed, 5 Jan 2000, Luke Kenneth Casson Leighton wrote:
> 
> > > 	Well, I said what I did under the assumption that there would be no
> > > mapping from -2 back to any SID (i.e. the mapping function would fail).
> 
> > the mapping from SID to unknown uid MUST fail.  the mapping from uid to
> > unknown SID MUST fail.
> 
> Wouldn't this be a cosmetic issue?  If the driver only allows access to the
> resource if it can successfully map a uid/gid to an SID, and it's explicit
> that the 'nobody' uid will *not* map to an SID, then it will only *appear*
> that user 'nobody' has read/write/whatever access.  That, IMHO, is a lot
> better than returning -1 from stat() and having to invent a new errno for the
> occasion.  Returning a uid that no one on the system is supposed to be
> using should be relatively harmless, as long as it doesn't mean that POSIX uid
> isn't *really* granted illegitimate access to the file.

hum, don't know exactly what's going on, here.  like i keep mentioning,
i'm not a unix expert.

as long as you're not telling me that you want to use nobody(-2) as an NT
user, i think that's ok, but i don't quite get why.

... how does not mapping to a uid make a user "appear" to have rwx/
access?  what kind of access?  and are you referring to "user "appearing""
as an nt user or a unix user?


