[OpenIndiana-discuss] Solaris privileges and seteuid()

Gordon Ross gordon.w.ross at gmail.com
Thu Aug 16 22:22:13 UTC 2012


On Thu, Aug 16, 2012 at 2:01 PM, James Relph <james at themacplace.co.uk> wrote:
[...]
> That's interesting, although it'll give me a headache trying to work out which method would be best (definitely pluses and minuses to the built-in method, and to SAMBA).  The ephemeral mappings are the bit that is somewhat confusing.  From what I've been reading, it sounded like what it does is to actually store the SID on-disk and convert that on the fly to an ephemeral UID.  That might mean that the non-persistence of the ephemeral IDs across reboots doesn't matter (as the SID itself is still stored), but it's hard working out from the documentation exactly what's going on.
>
> James.

Yes, ephemeral IDs are temporary representations of Security
Identifiers (SIDs).  The idmapd(1m) daemon maintains these in a cache,
with time-to-live (TTL) based expiration.  There's a library API for
turning an ephemeral ID back into a SID - see: idmap_get_sidbyuid
http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libidmap/common/idmap_api.c


-- 
Gordon Ross <gwr at nexenta.com>
Nexenta Systems, Inc.  www.nexenta.com
Enterprise class storage for everyone


