validating owner sids

Jeremy Allison jra at
Wed Jun 23 17:09:06 GMT 2004

On Wed, Jun 23, 2004 at 09:41:30AM +0200, Guenther Deschner wrote:
> Hi,
> sorry for the self-repy.
> Maybe I describe my problem with the current code-path a little further,
> since noone took care of it yet:
> I have a large number of NT4-Fileservers that have to be migrated to samba
> file-servers. On those NT4-servers, some files and directories are owned
> by valid domain-users. Those files (including their acls) are nicely
> migrated by scopy.exe. So far, so good. 
> But: on those NT4-servers most files and directories are owned just by the
> local Admnistrators-group (rather difficult to map onto posix
> file-semantics). When now scopy.exe (the tool my customer has to use for
> various reasons) starts to copy files and directories to the samba-servers
> and then tries to migrate permissions and acls, set_nt_acl is called.
> set_nt_acl currently always returns False, as soon as it cannot map the
> owner-security-information to a valid unix-uid. scopy then stops copying
> that file (it remains crippled then with the size of zero and without any
> acl-information copied) and continues with the next file.
> This is bad, IMHO. 
> So why can't we just make the ACL_FORCE_UNMAPPABLE-condition reaccessible
> via lp_force_unkown_acl_user as it was implemented for a while in
> samba-2.2 ? It solves the problem in the best possible way by assigning
> the current's user uid/gid to the file.

Ok, give us a chance :-). Either I or Volker will fix this before 3.0.5 ship.


More information about the samba-technical mailing list