[Samba] question about winbind rid idmaping
Andrew Walker
walker.aj325 at gmail.com
Thu Oct 29 12:57:02 UTC 2020
On Thu, Oct 29, 2020 at 8:07 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 29/10/2020 11:56, Andrew Walker wrote:
> >
> >
> > Several of the idmap backends (including idmap_rid) in samba support
> > id_type_both (the ID is both a user and a group). This is ultimately
> > needed for accurately producing Windows-style behavior regarding
> > permissions (where a group can be the owner of a file). Without
> > knowing the details of the ACL module, the best path forward would be
> > for you to figure out how to maintain windows-like behavior.
>
> The only place that I have found id_type_both to be used, is in
> idmap.ldb on a Samba AD DC.
RID also does this. You can see in the sid<->id mapping functions in
source3/winbindd/idmap_rid.c.
Andrea, you can look at the common nfsv4 code (source3/modules/nfs4_acls.c)
to see how ID_TYPE_BOTH is dealt with there (for instance
nfs4_acl_add_sec_ace()). Can you perhaps give more details about your ACL
modules (or a link to the source)?
More information about the samba
mailing list