getfacl and sysvol
Rowland Penny
repenny241155 at gmail.com
Wed Aug 13 12:58:12 MDT 2014
OK, I wonder if somebody could explain this to me. If I run getfacl on
/var/lib/samba/sysvol, I get this:

getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol
# owner: root
# group: 3000000
user::rwx
user:root:rwx
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:3000000:rwx
default:group:3000001:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

If I examine idmap.ldb, I find that the numbers above are mapped to
Windows well-known RIDs:

3000000: CN=S-1-5-32-544
3000001: CN=S-1-5-32-549
3000002: CN=S-1-5-18
3000003: CN=S-1-5-11

A quick search on the internet turns up a Microsoft page that tells me
what the RIDs are:

CN=S-1-5-32-544 Administrators
CN=S-1-5-32-549 Server Operators
CN=S-1-5-18 Local System
CN=S-1-5-11 Authenticated Users

So we come to the questions.

Why, if three of the four are groups and the other is an account, are
they ALL described in idmap.ldb as ID_TYPE_BOTH?

I take it that ID_TYPE_BOTH means that the object is both a user and a
group; how can something be both a user AND a group?

Finally, will it break something if I give them a gidNumber or uidNumber?

Rowland
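
As an added illustration (not part of the original post and not Samba code), the sketch below parses getfacl output like that quoted above and labels each numeric group with the SID and name from the idmap.ldb lookup given in the post, applying the ACL mask to get effective permissions. The function names and the trimmed sample are constructed for the example.

```python
import re

# xid -> (SID, name), copied from the idmap.ldb lookup quoted in the post.
XID_TO_SID = {
    "3000000": ("S-1-5-32-544", "Administrators"),
    "3000001": ("S-1-5-32-549", "Server Operators"),
    "3000002": ("S-1-5-18", "Local System"),
    "3000003": ("S-1-5-11", "Authenticated Users"),
}

# Constructed sample: a subset of the getfacl output quoted in the post.
SAMPLE = """\
# file: var/lib/samba/sysvol
group::rwx
group:3000000:rwx
group:3000001:r-x
mask::rwx
default:group::---
default:group:3000003:r-x
default:mask::rwx
"""

ENTRY = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([r-][w-][x-])$")

def parse_acl(text):
    """Return {'access': {...}, 'default': {...}} keyed by (tag, qualifier)."""
    acl = {"access": {}, "default": {}}
    for line in text.splitlines():
        # Drop header lines and trailing '#effective:' comments.
        m = ENTRY.match(line.split("#")[0].strip())
        if m:
            scope = "default" if m.group(1) else "access"
            acl[scope][(m.group(2), m.group(3))] = m.group(4)
    return acl

def effective(perms, mask):
    # A permission bit survives only if the mask grants it too.
    return "".join(p if k == p else "-" for p, k in zip(perms, mask))

def annotate(text, xid_map=XID_TO_SID):
    """Rows of (scope, tag, qualifier, SID, name, effective perms)."""
    rows = []
    for scope, entries in parse_acl(text).items():
        mask = entries.get(("mask", ""), "rwx")
        for (tag, qual), perms in entries.items():
            if tag == "group" or (tag == "user" and qual):
                perms = effective(perms, mask)  # mask limits these entries
            sid, name = xid_map.get(qual, (None, None))
            rows.append((scope, tag, qual, sid, name, perms))
    return rows
```
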