Recent changes to autorid (was Re: [SCM] Samba Shared Repository - branch master updated)

Mathias Dietz MDIETZ at de.ibm.com
Wed Apr 30 08:21:16 MDT 2014 

Simo <simo at samba.org> wrote on 30/04/2014 15:26:20:

> On Wed, 2014-04-30 at 14:38 +0200, Mathias Dietz wrote:
> > Hi Michael, Jeremy, 
> > 
> > I'm concerned about the proposal of having fixed ids for well-knowns 
> > because it has a high potential to break existing customer setups. 
> > Even though having fixed ids for well-knows sounds appealing, you can 
not 
> > guarantee that they do not conflict with existing users on the system.
> 
> I think the proposal form Jeremy is more nuanced.
> 
> As far as I understood it the idea is to propose *default* wellknown
> mappings for wellknown SIDs.
> However should those conflict with pre-existing setups then samba would
> stop and tell the admin how to manually map all those sids in idmap.
> 
> The idea is not to hardcode the mappings, but to preset them in an idmap
> table.

What does "manually map" mean ? it should be possible to choose another 
well-known range if the default range has a conflict and not map 
individual IDs manually (like tdb2) .

> 
> > We use Samba with autorid for many customer installations and it 
happens 
> > often that there are existing NFS ids which can not be changed easliy.
> > A full file system traversal would be needed to replace conflicting 
ids in 
> > the acls. Even worse, if conflicting NFSv3 users exists you would have 
to 
> > change all the clients as well. In combination with SFU or NIS the 
> > externally store ids would need to be changed as well.
> > 
> > This will scare some customers and lead to upgrade problems.
> > Michaels initials proposal sounds more flexible and would not lead to 
such 
> > problems. 
> 
> See the above, remapping of those IDs will always be possible, it is
> just that it should be an exception and not the rule.
> 
> Simo.
> 

The goal of the initial patch was to make sure that the well-known id 
assignment is 100% determinitic as long as you make sure that the autorid 
config is the same. Just by replicating the autorid config between 
multiple systems we can guarantee that the ids are the same. 
Any remapping of IDs would need to be deterministic as well, e.g. by 
storing the well-known ID range in the autorid config. 

Mathias Dietz

More information about the samba-technical mailing list