proposed new Unix QFS Info level

James Peach jorgar at gmail.com
Tue Feb 6 22:10:51 GMT 2007


On 06/02/07, Conrad Minshall <conrad at mac.com> wrote:
> For this interface you might want to specify that the number of SIDs
> must be either zero or equal to the number of supplementary gids.
> Then again, imagine a server for some reason is only able to determine
> gid=>SID mappings for some but not all of the gids, in which case we
> should define a structure which preserves the gid/SID correspondence.

I'd prefer not to nail down the relationships between the SIDs and the
GIDs in this case. For example, on Mac OS X, it's very hard to
guarantee that the GID list is complete - the kernel only knows a
small number of the group memberships at any one time. Since the group
memberships can (potentially) change at any time, this information is
best regarded as a hint and used for display purposes (i.e. not for
access control).

Additionally, it is possible for a server to not map any of the GIDs.
For example, there may be a server that provides *only* Unix
semantics. In this case, the GID list would be populated and the SID
list would not be. I don't know of any such servers, but there was a
desire to make this possible :)

The main rationale for this extension is for Unix clients to be able
to sensibly display whether files are "owned by me" or "owned by
someone else", as per "ls -l". A secondary rationale is to be able to
determine whether a client has been mapped or forced to guest on a
per-share basis. This can happen with some Samba configurations.

-- 
James Peach | jorgar at gmail.com

