Problem related to ID_TYPE_BOTH -Need suggestion
Abhidnya S Joshi
achirmul at in.ibm.com
Fri Jul 19 03:30:11 MDT 2013
Hi Andrew,
I believe, this (nss_winbind change) will still resolve local access issue
but the problem will be still there with NFS access. Although it can be
solved by doubling the ACL size by having UID and GID entries, this will
restrict max ACL size by half.
Thanks and Regards
Abhidnya
From: Andrew Bartlett <abartlet at samba.org>
To: Abhidnya S Joshi/India/IBM at IBMIN,
Cc: "Stefan (metze) Metzmacher" <metze at samba.org>,
samba-technical at samba.org
Date: 07/19/2013 02:42 PM
Subject: Re: Problem related to ID_TYPE_BOTH -Need suggestion
On Fri, 2013-07-19 at 13:48 +0530, Abhidnya S Joshi wrote:
> Hi Stefan,
>
> I think that still wont solve issue during NFS access. Also even though
> Samba works fine with a user being treated as group while putting ACLs,
> with this every user will always be treated as group. I think this looks
> little odd.
Yes, it looks odd, but this is how we have decided to handle IDMAP_BOTH.
Given the users are going to come via winbind (in order to have got an
IDMAP_BOTH in the first place), it seems reasonable just to fix
nss_winbindd.
The alternative is to double to size of the ACL by having both UID and
GID entries for every IDMAP_BOTH result.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list