[Samba] [Not really Samba] Semantic was Permission Denied

mathias dufresne infractory at gmail.com
Tue Dec 8 19:29:32 UTC 2015

2015-12-08 17:54 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 08/12/15 16:33, mathias dufresne wrote:
>> 2015-12-08 17:15 GMT+01:00 Rowland penny <rpenny at samba.org>:
>> On 08/12/15 16:02, mathias dufresne wrote:
>>> On any Linux system where you want to be able to use AD users as system
>>>> users you need to configure PAM. This because it is PAM which discuss
>>>> with
>>>> the tool you have chosen to retrieve users information from AD and then
>>>> build system users with these information.
>>>> It may be better if you stop calling local Unix users 'system users',
>>> system users are something else, i.e. 'root' is a system user, as is
>>> 'www-data'
>> System users are users available from system side.
>> Local users are users declared in /etc/passwd.
>> What is the point of your remark?
> The point is that 'Unix system users" != 'Unix local users'
> On a Unix system, low ID numbers are used for system users i.e. root,
> www-data, ntp etc, these numbers are all under 1000 (used to be 500 on
> redhat systems), but they all appear in /etc/passwd.
> A Unix local user is a user that has an ID number of 1000 and upwards that
> appears in /etc/passwd. You can have a user called fred on two different
> Unix machines, but they would not be the same user. This is where AD comes
> in, by creating the user 'fred' in AD and giving the user a uidNumber, this
> user could log into any domain joined computer and would be the same user.

You wrote:
"A Unix local user is a user that has an ID number of 1000 and upwards that
appears in /etc/passwd."
How do you call a user declared in /etc/passwd with UID superior than 1000?

I understand your point of view but you seem to me the one needing to find
a new word, not me.

Let's forget this "local user" - which does not release you to answer my
previous question - and speak about "system users". For me a system is a
user available on system side, for command as getent, id... A user which
can interact with the system as a user.

Still for me, "local users" are anything declared locally regardless of
their UID.
This because:
- they are declared locally
- we mainly speak about Samba, as Samba is bound to act as AD, as AD is
designed to have an external user database which could be use on system
side, we really need a way to describe the difference between all local
users and users coming from AD. Here I'm still speaking about users which
can interact with the system ("system users" is shorter indeed).
This distinction is necessary for us to understand each other and it again
more necessary for new comers in Samba or AD world.

What for a user reading your mails where you told "A Unix local user is a
user that has an ID number of 1000 and upwards that appears in /etc/passwd"
and trust you? Should he remove all users in /etc/passwd with uid > 1000
because that's not how thing are nice or should he find a way to keep these
users and find a workaround?

In AD and any remote user DB there is two kinds of users: local users and
remote users. Reuniting both kinds and you get system users. All users
which can use the system as a system (shell if they are allowed, getent for
lazy test).

I really don't understand why you can't stop yourself complaining like
that. I was merely trying to describe a not-so-simple concept. All I get
was "It may be better if you stop "... Did you really write that to help
the original poster? Or just to complain?

Words are nothing more than words. They have meaning with context, only.
Especially in IT world where all moves so fast, language included.

I would end that with:
Rowland, please, try to make effort to understand others, try to understand
we are not all English native, try to be less rough, accept the idea we
(most of us) have to translate. And finally try to understand the way you
speak IT in your daily work is not necessarily the same way we speak IT
there, or here. We all have to adapt to understand each other. You too.

Thank you, with best regards,


More information about the samba mailing list