getpwnam/uid for group with ID_TYPE_BOTH

Stefan Metzmacher metze at
Thu Sep 26 05:48:55 UTC 2019

Hi Uri,

> Can you elaborate on that sentence, and what is the use case for
> generating passwd for a group? Is it related to a file being owned by a
> group SID (administrators)?

Yes. And also to support sid history, because the unix token can only
have one uid. When I user is moved to a different domain his primary
user sid changes, but the old sid is still in the token.
And it means we have to change the mapping for that sid from a uid
to a gid.

Another thing is that we don't need to ask a domain controller
to find out if the sid belongs to a user or group, it's just
sid and we just map it to a uid and gid with the same number.
Which allows kerberos authentication without needing a domain controller.

> I'm not sure I ever understood this ID_TYPE_BOTH thing - I seem to
> remember that my understanding has been that it simplifies the code -
> that some rid backends don't know and don't care if a SID is a group or
> a user, but they sure can convert it to a unix ID, hence the "both", but
> that explanation doesn't mandate ability to generate passwd for a group,
> so hearing that this is actually what ID_TYPE_BOTH is all about was
> surprising to me.

When you do a ls -l the number uid or gid should be converted.
Or you can use chown with the name.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list