getpwnam/uid for group with ID_TYPE_BOTH

[Stefan Metzmacher]

Hi Uri,

> Can you elaborate on that sentence, and what is the use case for
> generating passwd for a group? Is it related to a file being owned by a
> group SID (administrators)?

Yes. And also to support sid history, because the unix token can only
have one uid. When I user is moved to a different domain his primary
user sid changes, but the old sid is still in the token.
And it means we have to change the mapping for that sid from a uid
to a gid.

Another thing is that we don't need to ask a domain controller
to find out if the sid belongs to a user or group, it's just
sid and we just map it to a uid and gid with the same number.
Which allows kerberos authentication without needing a domain controller.

> I'm not sure I ever understood this ID_TYPE_BOTH thing - I seem to
> remember that my understanding has been that it simplifies the code -
> that some rid backends don't know and don't care if a SID is a group or
> a user, but they sure can convert it to a unix ID, hence the "both", but
> that explanation doesn't mandate ability to generate passwd for a group,
> so hearing that this is actually what ID_TYPE_BOTH is all about was
> surprising to me.

When you do a ls -l the number uid or gid should be converted.
Or you can use chown with the name.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190926/0a05c550/signature.sig>