[Samba] default backend = rid not showing full group information for users
Magnus Holmgren
holmgren at lysator.liu.se
Mon May 4 21:18:11 UTC 2020
måndag 4 maj 2020 kl. 22:22:04 CEST skrev Rowland penny via samba:
> On 04/05/2020 21:06, Magnus Holmgren via samba wrote:
> > måndag 4 maj 2020 kl. 20:45:37 CEST skrev Rowland penny via samba:
> >> On 04/05/2020 19:24, Magnus Holmgren via samba wrote:
> >>> The systemd NSS module handles dynamically allocated users and groups
> >>> when
> >>> a unit has DynamicUser=true. See systemd.exec(5).
> >>
> >> Care to say where that would be used ?
> >
> > Wherever you want, I guess. I think the idea is to isolate network
> > services
> > better from each other than if you run them as nobody.
>
> So you don't actually know of a case where it could be used, I will just
> stick to removing 'systemd' from nsswitch.conf, others can do as they wish.
I thought you were asking for a use case. No, if you don't have any systemd
units that make use of the dynamic user feature, you don't need to include
that NSS module. Strictly speaking, you don't need it even you do use that
feature; that just means you can't translate the uids and gids, but since they
are ephemeral and not supposed to own any files, other than possibly temporary
ones, I don't see how that's much of a loss.
BTW I should have said that the idea is to isolate multiple instances of the
same service from each other. Different services preferably run under
different normal accounts.
--
Magnus Holmgren holmgren at lysator.liu.se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20200504/23dba2b2/signature.sig>
More information about the samba
mailing list