idra at samba.org
Tue Oct 3 15:13:22 GMT 2006
On Tue, 2006-10-03 at 17:11 +0200, Volker Lendecke wrote:
> On Tue, Oct 03, 2006 at 10:46:26AM -0400, simo wrote:
> > Volker suggested to also change IDmap to always allocate a uid and a gid
> > at the same time and not use the lookupsid.
> I did not say to not use lookupsid. I said that if it can't
> tell then we might allocate both.
Ok, I misunderstood this, but the basic problem does not change.
> > This implies a lot more work outside IDmap I am not willing to make at
> > this point (changing the ACL code, dealing with backwards compatibility
> > and keeping a mixed situation working, etc..)
> > Also removing the lookupsid safeguard will need some other method to
> > guard against possible DOSs.
> If we agree that this is a necessary thing then I think this
> is the right moment to do it.
> And I really doubt the additional work is necessary *now*,
> but I would be delighted to see it in the design. Basically,
> on allocation we would alloc both. Always.
Uhm and what do I report back on a query for that SID later on?
Always UID? Always GID?
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba-technical