Security Identifier (SID) to User Identifier (uid) Resolution
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 5 16:55:13 GMT 2000
On Thu, 6 Jan 2000, Cole, Timothy D. wrote:
> > -----Original Message-----
> > From: Steve Langasek [SMTP:vorlon at netexpress.net]
> > Sent: Tuesday, January 04, 2000 20:40
> > To: Multiple recipients of list SAMBA-TECHNICAL
> > Subject: RE: Security Identifier (SID) to User Identifier (uid)
> > Resolution System
> > On Wed, 5 Jan 2000, Luke Kenneth Casson Leighton wrote:
> > > > Well, I said what I did under the assumption that there would be no
> > > > mapping from -2 back to any SID (i.e. the mapping function would
> > fail).
> > > the mapping from SID to unknowwn uid MUST fail. the mapping from uid to
> > > unknown SID MUST fail.
> > Wouldn't this be a cosmetic issue? If the driver only allows access to
> > the
> > resource if it can successfully map a uid/gid to an SID, and it's explicit
> > that the 'nobody' uid will *not* map to an SID, then it will only *appear*
> > that user 'nobody' has read/write/whatever access. That, IMHO, is a lot
> > better than returning -1 from stat() and having to invent a new errno for
> > the
> > occasion. Returning a uid that no one on the system is supposed to be
> > using should be relatively harmless, as long as it doesn't mean that POSIX
> > uid
> > isn't *really* granted illegitimate access to the file.
> Well, that's a good point; I hadn't actually realized that it's not
> really a problem _as long as the mapping is one-way_.
> We can't really just allow stat() to fail, either -- imagine what
> would happen if the root of the filesystem had a primary group with an
> unknown SID. That shouldn't actually affect anyone else's access to
> anything one way or another (and doesn't in similar sitations under NT), but
> if stat() just failed, it'd really screw all kinds of things up very very
it's not stat() that would fail. it's that an SMB query that needed a SID
to uid conversion or vice-versa would be failed "access dined" even brore
_getting_ to the stat.
or, having done a stat, and getting the uid, do a SID to uid conversion
and if the conversion fails, return ACCESSDENIED.
More information about the samba-technical