[Samba] ad-backend: uidNumber set too late
Nico Kadel-Garcia
nkadel at gmail.com
Sat Sep 4 14:01:16 UTC 2021
On Sat, Sep 4, 2021 at 3:12 AM Rob Tho via samba <samba at lists.samba.org> wrote:
>
> Just to clarify:
>
> All machine accounts (both windows machines and Unix domain members) need a
> uid/gid entry ?
It identifies the owner and group of files. Network connections,
processes, IO connections, hardware devices, etc. are all "files".
Deciding who is running a process or opening a file and has permission
to read, to write to, to create or to delete such a file is vital to
the operating system. There are more complex systems, but the UNIX
models with a single owner, a single group, a setting for "other", and
pretty simple models of "read", "write" and "execute" access has been
very potent and very effective. Windows filesystems like NTFS, and
some more sophisticated system UNIX file systems like NFSv4, have
layers of user and group ownership and access.
Sadly, these extra layers are often used like gerrymandering poor
neighborhoods, used to confuse and to limit access in complex ways and
into deliberately obscure and difficult to manage districts. I tend to
find them not to be worth the trouble.
More information about the samba
mailing list