[Samba] default backend = rid not showing full group information for users
Rowland penny
rpenny at samba.org
Tue May 5 18:27:20 UTC 2020
On 05/05/2020 18:57, Magnus Holmgren via samba wrote:
> tisdag 5 maj 2020 kl. 09:31:08 CEST skrev Rowland penny via samba:
>>> I thought you were asking for a use case. No, if you don't have any
>>> systemd
>>> units that make use of the dynamic user feature, you don't need to include
>>> that NSS module. Strictly speaking, you don't need it even you do use that
>>> feature; that just means you can't translate the uids and gids, but since
>>> they are ephemeral and not supposed to own any files, other than possibly
>>> temporary ones, I don't see how that's much of a loss.
>> OK, I will try this another way, just what are 'dynamic users' and what
>> would you use them for ?
>>
>> I have only been using Linux since shortly after Linus released it and I
>> have never used a 'dynamic user' or felt the need to.
> It's explained on the man page. It's just a UID/GID pair systemd allocates
> from the range 61184...65519, but a few other security features are implied,
> such as private /tmp and readonly file system.
>
> http://man7.org/linux/man-pages/man5/systemd.exec.5.html#OPTIONS
I did a bit of investigation and yes it does dynamically create id's
for system users and groups, but it fell into the same trap as Debian
did with the 'nobody' user & group. The ID's are slap bang in the middle
of the range Microsoft used on the Unix attributes tab for SFU.
I will stick to removing 'systemd' from nsswitch.conf, everyone else can
make their own mind up.
Rowland
More information about the samba
mailing list