FAT, NTFS, CIFS and DOS attributes

Kyle Moffett mrmacman_g4 at mac.com
Tue Jan 4 04:50:17 GMT 2005

On Jan 03, 2005, at 22:56, tridge at samba.org wrote:
> superset is hard, as a uid_t/gid_t is only superfically similar to a
> windows SID. Samba has to do quite a lot of complex stuff to map
> between general SIDs and posix IDs. It can't be done in any reasonable
> fashion without being able to talk MSRPC to domain controllers, or at
> least having a (potentially quite large) persistent database of
> mappings.

I only have a couple points of response here, really.  Primarily, I 
say that I thought this was possible, let alone easy, only that it 
would be
closer to the mythical "ideal" than the system what we currently have.

My personal opinion is that perhaps this (ideally) should be integrated
somehow with an additional "credentials" system, perhaps like that
which dhowells added.  An "SID" for a particular local NTFS (or maybe
even remote via CIFS too) filesystem would be another "credential"
given to users.  Heck, if we _really_ wanted to go far, the "user" and
"group" identifiers originating in UNIX could be "credentials" too, and
passed on from parent to child processes.  In such a system, many of
the core process identity syscalls would need to be changed, but it
would be the framework for a much better network environment
integration, because the UID and GIDs would be local to one specific
computer, not global like NFS pretends they are.  Someone could
even have differing UIDs for local ext3 filesystems and remote NFSv3
and CIFS filesystems, like this:

/		"bobdoe at localhost" (32)
/mnt/nfs	"bdoe at cronos" (1054)
/mnt/cifs	"Bob Doe at ATLAS" (S-1-3-21-123123-456456-789789-32)

Of course, the standard disclaimer is that all this is far far down the
road, mainly because of how extensive such changes would be :-\.
It's always nice to dream, though :-D.

Kyle Moffett

Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r  

More information about the samba-technical mailing list