How to determine if a SID is group or user?

John M Trostel jtrostel at
Thu Nov 9 14:28:25 GMT 2000

---Reply to mail from Gerald Carter about How to determine if a SID is group or user?
Well, I'm trying to come back through the "set_nt_acl" call, with a
pre-alpha implementation of XFS acls.  There are more than the standard 3
ACEs created and I need (when they are read back in as is done in
"unpack_nt_permissions") to determine if the ACE is a user or group ACE.

Is the 'last bit' the high order or low order bit here? (And is that the
one I see in the dacl->ace[i] structure?

typedef struct security_ace_info
    uint8 type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
    uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
    uint16 size;

    SEC_ACCESS info;
    DOM_SID sid;


> John M Trostel wrote:
>> How would I figure out if a specific ACE entry pertains to 
>> a group or a user?
>> I can go in and look at the uid and/or gid with sid_to_uid 
>> or sid_to_gid (from the ace), but there must be some 
>> way to differentiate between the group and user ace's.
> Samba uses the last bit as a flag.  Of course, this
> is entirely different from NT.  No idea how to do it 
> on Win32. See passdb/passdb.c:pdb_rid_is_user() for details.
> Cheers, jerry

---End reply
John M. Trostel
Linux OS Engineer
jtrostel at

More information about the samba-technical mailing list