Posix Extended headers ...

Richard Sharpe rsharpe at ns.aus.com
Tue Jul 16 08:20:02 GMT 2002


On Tue, 16 Jul 2002, Joerg Schilling wrote:

> >From rsharpe at ns.aus.com Tue Jul 16 00:10:48 2002
> 
> >> Storing a sid and rid would perhaps be a better way to do it as you may
> >> not be able to resolve the username or domain due to network problems or
> >> that the sid is a foreign sid from a non-trusted domain.
> 
> >OK, you are right. Storing as S-1-5-21-xxx-yyy-... for all SIDs would 
> >probably be better.
> 
> I would need to learn what this is. Do you have pointers for a quick overview?

A SID is a security identifier. They are MS's equivalent of UIDs and GIDs. 
They have structure and they are unified, in that groups have SIDs as 
well.

Internally, they are almost an array of GUINT32s (the first two are a bit 
more complex), but they are written in text format as:

  S-1-5-21-XXX-YYY-ZZZ-RID
  | | | |   |   |   |   |
  | | | |   |   |   |   |
  | | | |   |   |   |   +--------Relative ID within domain/box
  | | | +---+---+---+------------Sub Authorities, 21 indicates NT
  | | +--------------------------Authority, I think
  | +----------------------------Version
  +------------------------------Verbose indicator that it is a SID

The portion S-1-5-21-XXX-YYY-ZZZ is the domain SID, and RID is the 
relative ID; however, for all ACL purposes, they should be stored as the 
full DOMAIN-SID and RID, i.e. as above.

Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com
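
The text form described in the message above, converted to and from the binary layout, as an added example that is not part of the original post. The binary layout (1-byte version, 1-byte sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities) is the Windows SID structure and is not stated in the post; the function names and the sample SID are constructed for illustration.

```python
import struct

MAX_SUBAUTHS = 15  # Windows limit on sub-authorities in one SID

def _num(field):
    # Accept plain ASCII decimal only, so "1_0" or " 5" are rejected.
    if not (field.isascii() and field.isdigit()):
        raise ValueError("bad SID field: %r" % field)
    return int(field)

def sid_to_bytes(text):
    """Pack a textual SID (S-1-5-21-...) into its binary form."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID: %r" % text)
    version, authority = _num(parts[1]), _num(parts[2])
    subs = [_num(p) for p in parts[3:]]
    # Authorities of 2**32 and above use a hex text form, not handled here.
    if version > 255 or authority >= 2**32 or len(subs) > MAX_SUBAUTHS:
        raise ValueError("SID field out of range: %r" % text)
    if any(s >= 2**32 for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits")
    head = struct.pack("BB", version, len(subs)) + authority.to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def sid_from_bytes(blob):
    """Unpack a binary SID, checking the length against its own count byte."""
    if len(blob) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    version, count = blob[0], blob[1]
    if count > MAX_SUBAUTHS or len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(blob[2:8], "big")
    if authority >= 2**32:
        raise ValueError("large authority (hex text form) not handled")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "-".join(["S", str(version), str(authority)] + [str(s) for s in subs])

def split_domain_rid(text):
    """Split a full SID into (domain SID, RID); both are needed for an ACL."""
    sid_to_bytes(text)  # validate first
    domain, _, rid = text.rpartition("-")
    return domain, int(rid)

# Constructed sample SID, not a value from the post.
SAMPLE = "S-1-5-21-1004336348-1177238915-682003330-512"

if __name__ == "__main__":
    print(sid_to_bytes(SAMPLE).hex())
    print(split_domain_rid(SAMPLE))
```
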




