[OpenIndiana-discuss] Solaris privileges and seteuid()
alka
alka at hfg-gmuend.de
Thu Aug 16 22:55:50 UTC 2012
thank you Gordon
This API call is the missing link.
With the help of this it is possible to use the ephemeral UID of an AD user from the idmap cache
to request the according SID and write it together with file to be compatible with CIFS.
Question:
The "real" Unix UID of a file, written with CIFS together with a Windows SID is nobody?
The idmap ephemeral mapping cache is generated on a CIFS user login.
How can this be initiated from another process?
Am 17.08.2012 um 00:22 schrieb Gordon Ross:
> On Thu, Aug 16, 2012 at 2:01 PM, James Relph <james at themacplace.co.uk> wrote:
> [...]
>> That's interesting, although it'll give me a headache trying to work out which method would be best (definitely pluses and minuses to the built-in method, and to SAMBA). The ephemeral mappings are the bit that is somewhat confusing. From what I've been reading, it sounded like what it does is to actually store the SID on-disk and convert that on the fly to an ephemeral UID. That might mean that the non-persistence of the ephemeral IDs across reboots doesn't matter (as the SID itself is still stored), but it's hard working out from the documentation exactly what's going on.
>>
>> James.
>
> Yes, ephemeral IDs are temporary representations of Security
> Identifiers (SIDs). The idmapd(1m) daemon maintains these in a cache,
> with time-to-live (TTL) based expiration. There's a library API for
> turning an ephemeral ID back into a SID - see: idmap_get_sidbyuid
> http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libidmap/common/idmap_api.c
>
>
> --
> Gordon Ross <gwr at nexenta.com>
> Nexenta Systems, Inc. www.nexenta.com
> Enterprise class storage for everyone
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
--
More information about the OpenIndiana-discuss
mailing list