[Samba] FILE:/tmp/krb5cc_500 naming conventions
Rowland Penny
rpenny at samba.org
Mon Sep 11 08:07:38 UTC 2023
On Mon, 11 Sep 2023 08:57:15 +1200
Andrew Bartlett via samba <samba at lists.samba.org> wrote:
> On Sun, 2023-09-10 at 21:51 +0100, Rowland Penny wrote:
>
> > Yes, it probably would be done differently now, but that isn't what
> > we are talking about, we are talking about, why would any user on a
> > DC have the Unix ID '500'.
>
> 500 was (and is likely on some distributions) the UID assigned in
> /etc/passwd to the first local user.
> Other systems start at 1000, to give more room for system services.
> This explains it well: https://serverfault.com/a/362946
Well yes, from a post that was made in 2012!
I am older than you Andrew, so I well remember '500' being used as the
start for numbering users on Linux (mainly red-hat), but most, if not
all, distros now start at '1000'.
> > If I (the user rowland) run 'kinit Administrator' on a DC
> > with 'idmap_ldb:use rfc2307 = yes' turned off, I get a kerberos
> > ticket '/tmp/krb5cc_3000020' (note the Unix ID '3000020'). The only
> > way that a user can get the Unix ID '500' on a DC, is if
> > 'idmap_ldb:use rfc2307 = yes' is set in smb.conf and the user has
> > the uidNumber attribute set to 500, which as I already said is also
> > the RID for Administrator.
> > Why would anyone give a normal user the ID '500' ?
>
> The installer does, for the first system user.
Not for years.
I personally think it may have a bearing on the problem. I may be
wrong, I often am, but you do not seem to even want to entertain the
idea that you could just be wrong.
Rowland