[Samba] default backend = rid not showing full group information for users

Rowland penny rpenny at samba.org
Tue May 5 18:27:20 UTC 2020

On 05/05/2020 18:57, Magnus Holmgren via samba wrote:
> tisdag 5 maj 2020 kl. 09:31:08 CEST skrev Rowland penny via samba:
>>> I thought you were asking for a use case. No, if you don't have any
>>> systemd
>>> units that make use of the dynamic user feature, you don't need to include
>>> that NSS module. Strictly speaking, you don't need it even you do use that
>>> feature; that just means you can't translate the uids and gids, but since
>>> they are ephemeral and not supposed to own any files, other than possibly
>>> temporary ones, I don't see how that's much of a loss.
>> OK, I will try this another way, just what are 'dynamic users' and what
>> would you use them for ?
>> I have only been using Linux since shortly after Linus released it and I
>> have never used a 'dynamic user' or felt the need to.
> It's explained on the man page. It's just a UID/GID pair systemd allocates
> from the range 61184...65519, but a few other security features are implied,
> such as private /tmp and readonly file system.
> http://man7.org/linux/man-pages/man5/systemd.exec.5.html#OPTIONS

I did a bit of investigation and yes it does  dynamically create id's 
for system users and groups, but it fell into the same trap as Debian 
did with the 'nobody' user & group. The ID's are slap bang in the middle 
of the range Microsoft used on the Unix attributes tab for SFU.

I will stick to removing 'systemd' from nsswitch.conf, everyone else can 
make their own mind up.


More information about the samba mailing list