getpwnam/uid for group with ID_TYPE_BOTH
Uri Simchoni
uri at samba.org
Thu Sep 26 05:56:20 UTC 2019
Cool, Thanks!
Uri.
On 9/26/19 8:48 AM, Stefan Metzmacher via samba-technical wrote:
> Hi Uri,
>
>> Can you elaborate on that sentence, and what is the use case for
>> generating passwd for a group? Is it related to a file being owned by a
>> group SID (administrators)?
>
> Yes. And also to support sid history, because the unix token can only
> have one uid. When I user is moved to a different domain his primary
> user sid changes, but the old sid is still in the token.
> And it means we have to change the mapping for that sid from a uid
> to a gid.
>
> Another thing is that we don't need to ask a domain controller
> to find out if the sid belongs to a user or group, it's just
> sid and we just map it to a uid and gid with the same number.
> Which allows kerberos authentication without needing a domain controller.
>
>> I'm not sure I ever understood this ID_TYPE_BOTH thing - I seem to
>> remember that my understanding has been that it simplifies the code -
>> that some rid backends don't know and don't care if a SID is a group or
>> a user, but they sure can convert it to a unix ID, hence the "both", but
>> that explanation doesn't mandate ability to generate passwd for a group,
>> so hearing that this is actually what ID_TYPE_BOTH is all about was
>> surprising to me.
>
> When you do a ls -l the number uid or gid should be converted.
> Or you can use chown with the name.
>
>
>
More information about the samba-technical
mailing list