More proposed passdb changes: users without local unix uids.
t.d.lee at durham.ac.uk
Wed Jan 9 02:11:02 GMT 2002
On Wed, 9 Jan 2002, Andrew Bartlett wrote:
> Jeremy Allison wrote:
> > On Tue, Jan 08, 2002 at 05:12:02PM +1100, Andrew Bartlett wrote:
> > > Of course the uid field never makes it to the SAM_ACCOUNT struct, but
> > > this method is backward-compatible (as far as I can tell) because the
> > > smbpasswd format is unchanged (unless you are a site with over 6000
> > > users in smbpasswd, and I highly doubt there are any, given the
> > > performance problems).
> > I'm concerned about this. The reason is that on many
> > sites the users are not allocated in a linear fashion.
> > You can't just assume that users over 6000 are "safe".
> > I'd resist creating users in smbpasswd that don't exist
> > in /etc/passwd. Please don't check this code in yet.
> In light of these comments and JF's I'll be making the test 'uid >= 6000
> && !getpwnam(name)'. But as you note in your next e-mail, I've promised
> not to touch anything yet...
I confess to not following the detail.
We don't use smbpasswd, simply UNIX passwd info. But we have some 20,000
users (i.e separate UNIX uids) in that passwd info, scattered randomly
from about 300 (three hundred) to about 32,000. (So our uid table is
about two-thirds full, and we have already hit a little-known, and
unfixable, design flaw in Solaris NIS/dbm.)
So if Andrew's proposal (smbpasswd?) includes traditional UNIX passwd info
it sounds like it would be unworkable for us. (Of course, I may have
misuderstood Andrew's proposal...)
Regarding Jeremy's proposed 'uid >= 6000 && !getpwnam(name)' adjustment:
Another factor to consider for other large sites: users are added and
deleted daily, even hourly. The 'getpwnam(name)' may give one answer now,
and a different one in a hour's time. This may (or may not) be relevant.
Hope that helps.
: David Lee I.T. Service :
: Systems Programmer Computer Centre :
: University of Durham :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham :
: Phone: +44 191 374 2882 U.K. :
More information about the samba-technical