getpwnam/uid for group with ID_TYPE_BOTH
metze at samba.org
Thu Sep 26 05:48:55 UTC 2019
> Can you elaborate on that sentence, and what is the use case for
> generating passwd for a group? Is it related to a file being owned by a
> group SID (administrators)?
Yes. And also to support sid history, because the unix token can only
have one uid. When I user is moved to a different domain his primary
user sid changes, but the old sid is still in the token.
And it means we have to change the mapping for that sid from a uid
to a gid.
Another thing is that we don't need to ask a domain controller
to find out if the sid belongs to a user or group, it's just
sid and we just map it to a uid and gid with the same number.
Which allows kerberos authentication without needing a domain controller.
> I'm not sure I ever understood this ID_TYPE_BOTH thing - I seem to
> remember that my understanding has been that it simplifies the code -
> that some rid backends don't know and don't care if a SID is a group or
> a user, but they sure can convert it to a unix ID, hence the "both", but
> that explanation doesn't mandate ability to generate passwd for a group,
> so hearing that this is actually what ID_TYPE_BOTH is all about was
> surprising to me.
When you do a ls -l the number uid or gid should be converted.
Or you can use chown with the name.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the samba-technical