[Samba] Back with my UID problems
wynkoop+samba at wynn.com
Thu Feb 26 20:35:46 MST 2015
On Thu, 26 Feb 2015 19:45:31 -0700
Nigel W <nigel.w at nosun.ca> wrote:
> Hello Brett,
> On Thu, Feb 26, 2015 at 6:10 PM, Brett Wynkoop
> <wynkoop+samba at wynn.com> wrote:
> > Where does your "Wisdom" about no UID below 1000 come from?
> I would guess it comes from distros (mostly the Linux ones) staticly
> assigning UID and GIDs to certain services to make the package
> managers job easier.
Thank you, that was exactly my point.
> But if your existing system has userids below that number, then you
> should no problem from that, but is it something to be aware if you
> add more modern clients.
This is what I was thinking as well.
> > I would submit that if Samba can not do this then Samba 4 is broken.
> > What is even more broken is that samba-tool silently accepted 34 as
> > a UID and created the samba user. If UIDs below 1000 are forbidden
> > then a properly written program would have thrown an exception.
> Numbers out of a specific range are masked out by idmap. It seems to
> be 10000-20000 is the default range, presumably to avoid problems of
> domain users getting access to data owned by system services that
> they should not be able to. You can change this range though, the
> member server setup wiki page explains it well enough. I am not
> aware of an actual code restriction on the ID range, but I am also
> not a developer.
> Hope this helps,
Thank you for this pointer and confirming what I thought had to be true.
I will check it and see what happens. This is the best help on this
issue since I first brought it to the group last fall. It is much more
useful than "Change all your existing users to have UIDs greater than
There is a real problem in the FreeSoftware world today with
people not understanding the hows and whys of things. Your reply is a
breath of fresh air.
I still contend that samba-tool should not have silently assigned a UID
other than what I requested. If the user requests something invalid
the proper response for the situation should have to been to given an
ABEND (for the youngsters on the list ABEND == Abnormal End) message
pointing out the problem.
Those who do not learn from history are doomed to repeat it.
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
I would never invade the United States. There would be a gun behind
every blade of grass. --Isoroku Yamamoto
More information about the samba