Security Identifier (SID) to User Identifier (uid) Resolution
System
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 5 16:52:33 GMT 2000
>
> Any 32-bit integer is a valid UID or GID under POSIX (well, assuming a 32-bit
> or greater size for uid_t).
>
> It's an interesting idea. The same result could also be achieved using a
> uid_t/gid_t and a flag to tell which it is. You still only need one database,
> your POSIX key just has to include the id and the flag. I don't see any clear
> advantage to one method over the other.
>
> > Using a structure of a {uid_t low; gid_t high} to store the mappings, could
> > it work out that a specific NT SID would map to a specific GID/UID pair.
>
> > For those host operating systems that support ACLs, then an NT SID could map
> > to a specific UID, or a specific UID/GID pair, or a specific GID. I do not
> > know if any UNIX operating system has the concept of a RIGHTS identifier
> > separate from a GID.
>
> But an SID under NT always represents a single user OR a single group. It
> never represents both at the same time. I think it would unnecessarily
> complicate matters to try to map SIDs to more than one POSIX entity.
>
> -Steve Langasek
> postmodern programmer
>
there's a sectuin in http://cb1.com/~lkcl/draft-lkc-sidtouid-00.txt that
covers this: using a unix uid to represent a group.
More information about the samba-technical
mailing list