[PATCH] s4/provision: don't mix local uid numbers with domain mappings

Rowland Penny rpenny at samba.org
Wed Dec 13 16:48:47 UTC 2017


On Wed, 13 Dec 2017 14:42:51 +0100
Björn Jacke via samba-technical <samba-technical at lists.samba.org> wrote:

> From 514e4d8c57b9189a0a3dddcee1748db832f7b851 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke at samba.org>
> Date: Wed, 13 Dec 2017 14:38:03 +0100
> Subject: [PATCH] s4/provision: don't mix local uid numbers with domain
>  mappings
> 
> mixing local IDs with domain mapped IDs is a bad idea. Especially
> don't mess with root's uid 0.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=9837
> 
> Signed-off-by: Bjoern Jacke <bjacke at samba.org>
> ---
>  python/samba/provision/__init__.py | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/python/samba/provision/__init__.py
> b/python/samba/provision/__init__.py index d95f46a..b63ef2e 100644
> --- a/python/samba/provision/__init__.py
> +++ b/python/samba/provision/__init__.py
> @@ -786,8 +786,10 @@ def setup_name_mappings(idmap, sid, root_uid,
> nobody_uid, """
>      idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid)
>  
> -    idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid)
> -    idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid)
> +    # we should not mess with local uid/gid numbers (especially not
> root's
> +    # and the domain mappings, see bug 9837.
> +    #idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid)
> +    #idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID,
> users_gid) 
>  
>  def setup_samdb_partitions(samdb_path, logger, lp, session_info,
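Review bot: The two idmap.setup_name_mapping calls for sid + "-500" and sid + "-513" are commented out rather than deleted, which leaves dead code in setup_name_mappings; delete the lines and keep the rationale in the comment and the commit message. The added comment also has an unclosed parenthesis ("(especially not root's") and reads as though the domain mappings themselves should be left alone; wording such as "don't mix local uid/gid numbers (especially root's) with the domain mappings, see bug 9837" would match the commit message. root_uid remains in the signature shown in the hunk header but is no longer used by any line visible in this hunk, so either drop the parameter or note why it stays.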

You are probably starting to think I am a pain, but NAK on
Administrator not getting the ID '0', you are about to break half of
the installs (at least) by doing this.

The ssh problem isn't really a problem, you just have to remember to
ssh as 'root', not as Administrator. When on Unix, use 'root' and when
on Windows, use Administrator.

Rowland


