Security Identifier (SID) to User Identifier (uid) Resolution System

Luke Kenneth Casson Leighton lkcl at
Wed Jan 5 16:52:33 GMT 2000

> Any 32-bit integer is a valid UID or GID under POSIX (well, assuming a 32-bit
> or greater size for uid_t).
> It's an interesting idea.  The same result could also be achieved using a
> uid_t/gid_t and a flag to tell which it is.  You still only need one database,
> your POSIX key just has to include the id and the flag.  I don't see any clear
> advantage to one method over the other.
> > Using a structure of a {uid_t low; gid_t high} to store the mappings, could
> > it work out that a specific NT SID would map to a specific GID/UID pair.
> > For those host operating systems that support ACLs, then an NT SID could map
> > to a specific UID, or a specific UID/GID pair, or a specific GID.  I do not
> > know if any UNIX operating system has the concept of a RIGHTS identifier
> > separate from a GID.
> But an SID under NT always represents a single user OR a single group.  It
> never represents both at the same time.  I think it would unnecessarily
> complicate matters to try to map SIDs to more than one POSIX entity.
> -Steve Langasek
> postmodern programmer

there's a sectuin in that
covers this: using a unix uid to represent a group.

More information about the samba-technical mailing list