idra at samba.org
Tue Oct 3 15:28:42 GMT 2006
On Tue, 2006-10-03 at 17:18 +0200, Volker Lendecke wrote:
> On Tue, Oct 03, 2006 at 11:13:22AM -0400, simo wrote:
> > > I did not say to not use lookupsid. I said that if it can't
> > > tell then we might allocate both.
> > Ok, I misunderstood this, but the basic problem does not change.
> Hmm. BTW, if lookupsid returns SID_TYPE_USER then we have
> allocate a gid as well for the sidHistory. Forgot that.
> > Uhm and what do I report back on a query for that SID later on?
> > Always UID? Always GID?
> GID is the safe default until we know better.
Uhmm this is a bet and need cooperation from other code.
What if we cannot lookup a trusted domain SID because a WAN link is down
and then we find out it was a user SID? We cannot retroactively change
the permissions set on disk.
Back in 2001 at Jermey's house (CIFS conf) I remember I already proposed
to always use a single range and alloc both a uid and a gid at the same
time and always use both the uid and the gid in file permissions, but
this was not accepted as Jeremy said it would have had a too big impact
on the ACL code.
Jeremy has your opinion changed since then ?
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba-technical