Posix Extended headers ...

Simo Sorce simo.sorce at xsec.it
Tue Jul 16 07:07:02 GMT 2002 

Hi Joerg

NT uses a different security mechanism than unix

The only security token available is the SID (no uid no gid)

The SID can identify not only users but also groups and maybe other
entities. And you do not know, given a SID only what it is exactly.

And there are also chances that at the time of backup you are not able
to know what a SID exactly is for a number of reasons (for example the
Domain controller this SID came from is down).

SID should be universal (eg: no 2 identical SID can exist in the world).

RID is only the variant part of a SID inside a machine, all users of a
machine/domain are different by the RID (Relative ID).

So backupping by SID ONLY is the way to go, take it as THE identifier to
use.

Hope that's enough currently,
Simo.

On Tue, 2002-07-16 at 15:26, Joerg Schilling wrote:
> >From rsharpe at ns.aus.com Tue Jul 16 00:10:48 2002
> 
> >> Storing a sid and rid would perhaps be a better way to do it as you may
> >> not be able to resolve the username or domain due to network problems or
> >> that the sid is a foreign sid from a non-trusted domain.
> 
> >OK, you are right. Storing as S-1-5-21-xxx-yyy-... for all SIDs would 
> >probably be better.
> 
> I would need to learn what this is. Do you have pointers for a quick overview?
> 
> 
> 
> Jörg
> 
>  EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
>        js at cs.tu-berlin.de		(uni)  If you don't have iso-8859-1
>        schilling at fokus.gmd.de		(work) chars I am J"org Schilling
>  URL:  http://www.fokus.gmd.de/usr/schilling   ftp://ftp.fokus.gmd.de/pub/unix
> 
-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20020716/63841478/attachment.bin

More information about the samba-technical mailing list