[PATCH] s4/provision: don't mix local uid numbers with domain mappings
Björn Jacke
bjacke at sernet.de
Wed Dec 13 13:42:51 UTC 2017
From 514e4d8c57b9189a0a3dddcee1748db832f7b851 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke at samba.org>
Date: Wed, 13 Dec 2017 14:38:03 +0100
Subject: [PATCH] s4/provision: don't mix local uid numbers with domain
mappings
mixing local IDs with domain mapped IDs is a bad idea. Especially don't mess
with root's uid 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9837
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
---
python/samba/provision/__init__.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index d95f46a..b63ef2e 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -786,8 +786,10 @@ def setup_name_mappings(idmap, sid, root_uid, nobody_uid,
"""
idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid)
- idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid)
- idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid)
+ # we should not mess with local uid/gid numbers (especially not root's
+ # and the domain mappings, see bug 9837.
+ #idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid)
+ #idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid)
def setup_samdb_partitions(samdb_path, logger, lp, session_info,
--
2.7.4
More information about the samba-technical
mailing list