Need to map SIDs for unknown users

Volker Lendecke Volker.Lendecke at SerNet.DE
Sun Jul 13 11:03:23 GMT 2003

On Sat, Jul 12, 2003 at 09:09:18PM -0500, Gerald (Jerry) Carter wrote:

> Unless we know a SID is valid, I don't believe we should allocate 
> any uid or gid for it.

The most striking example for the need of this was described by tridge
at SambaXP: Backup of arbitrary servers or user's local directories in a
workgroup environment. We move so close towards NT that I would really
like to take this last step as well.

I do see that we have a potential DoS scenario here, but I don't really
see how this can create a security problem. If the uid space is
exhausted, we should return an appropriate error code. For certain
specialized scenarios we might also create a little cleanup tool that
scans filesystems for id's and purges the unused ones. I know that this
is a problem with backups, but it might help the conscious admin.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url :

More information about the samba-technical mailing list